#Sign in to unity services with custom id

Hey everyone! I'm making a game for telegram using Unity.
Telegram provides a user id that i want to use to sign in to unity services to use cloud save and save user data in between sessions and devices.
Unity AI is proposing to use SignInWithCustomIdAsync, but i can't find any info on such method.

So i had to create a Cloud Code js script that does sign in with custom id and returns id and session tokens - as described in unity docs (https://services.docs.unity.com/docs/client-auth/#custom-id-authentication).
The whole flow works like this:

1. sign in anonymously - for cloud code to work;
2. call cloud code - to get new session data for user with custom id;
   2.1. cloud code calls token exchange api to get stateless token;
   2.2. cloud code signs in user with custom id;
   2.3. cloud code returns idToken and sessionToken;
3. sign out - to be able to authenticate with id and session token;
4. sign in via id and session token that i get from cloud code.
5. we have successfully logged in with custom id.

One of the issues i have with this is that unity web api docs suggest to keep the stateless token (result of step 2.1) locally and refresh when expired, but i can't really do that as it is serverless function.
Another issue is that it seems kinda cumbersome and inefficient with sign in anonymous and the sign out to sign in again...

So does it even make sense to use unity cloud for signing in with custom id?
Or would it be better to move this cloud code script to other BE service?

Maybe there are some suggestions for how would it be better to log in with custom id?

You would need Cloud Code to somehow authenticate your Telegram users before returning an access code

Couple of things..

• You shouldn't need Cloud Code to retrieve the tokens. You can simply make web requests from a Unity client to https://player-auth.services.api.unity.com as far as I know.
• You also shouldn't have to sign out and sign back in. You can link an existing account that's already signed in to any sign-in provider, including custom ID. Although none of this really matters anymore if you stop using Cloud Code and just use a web request in Unity.

Technically cloud code does authenticate Telegram user and returns id and session of the signed in unity player linked to this telegram user. Am i misunderstanding something?

i did think about using unity requests, but that means keeping service account key and secret key (that are used for creating stateless token) in client code, which is a risk of breach, as they can be used to call any of unity web api's.
Same breach would happen if i would return stateless token to unity.

regarding linking accounts - it's fine with first login, when telegram user id is not linked with unity player id.
As i understood on second login it would link telegram user id with a new anonymous unity player id.
Or would linking same id just return previous user?
If not, what would happen with previous player id?

And actually if i don't get previous user, then it doesn't really make sense as i need cloud saves for first linked user

I figured that's what I was missing. Wasn't sure how you were authenticating Telegram. Yeah, using Cloud Code for that will mean needing a signed in user.

My advice is really only applicable if you can authenticate Telegram without Cloud Code. Last time I would've done a similar implementation was with PlayFab. Using their Unity Client API to login which returns a PlayFab ID, getting the appropriate tokens from https://player-auth.services.api.unity.com and then using PlayFab ID and the tokens to sign in or link with Custom ID.

Not sure if a similar route is available with Telegram.

it's a telegram mini app which is launched from within telegram app and it passes user id and other info to web app - which in this case is unity webgl build

Yeah I guess I'm forgetting that I stored my keys on PlayFab in my scenario. Which I guess goes back to your original question that having an additional backend service can make things easier.

But I think the route you're going is fine. In your situation I would probably prefer to go Unity only.

well i do use firebase as cdn, so i was wondering if it would make sense to move login logics there

I'm personally not a fan of Firebase in terms of security and Unity integration. But yeah, that could work. I'm not sure it would really cut down much from just using Unity though.

When you link with Custom ID, it should link to whatever Unity account is currently logged in. In your case that should be the original anonymous sign in.

oh, ok, didn't know how linking works, good to know.

If by "second login" you mean the user coming back to the app for a second time after already having linked - the anonymous sign in should use a session token that Unity caches locally on the device to automatically log in using that Custom ID that was previously linked.

oh, good to know, and if he logs in on another device i would need to link and that would give me back the same user as on other device, right?

The only edge case you would have to worry about is that session token getting cleared, which would mean a fresh anonymous sign in, try-catch the link and catch the exception that tells you the ID is already linked, sign out and then sign back in with the custom ID.

Yeah, what I described above would also deal with this too I think.

ok, thanks for suggestions

any ideas where i could store stateless token for reusability?

Unity stores the Session Token for Authentication in PlayerPrefs. Could probably use that if you're looking to store it locally.