I have a setup where Unity Windows application acts as a graphics client for another windows application, and needs to log in through identity provider (Keycloak) to get access to data of the other application, which acts as server. I succeeded in opening the login screen for Keycloak:
string requestUri = string.Format("{0}?response_type=code&redirect_uri={1}&client_id={2}&code_challenge={3}&code_challenge_method={4}&scope={5}",
authorizationEndpoint,
System.Uri.EscapeDataString(redirectURI),
clientID,
code_challenge,
code_challenge_method,
scope);
System.Diagnostics.Process.Start(requestUri, " --new-window");
Then a browser window shows up, where I put my username and password. When they match a user in the Keycloak server database, the browser window gets redirected to:
http://localhost:6698/callback.html?session_state=<randomString>&iss=http%3A%2F%2F<keycloakIP>t%3A8080%2Frealms%2Fwebclient&code=<authCodeRandomString>
How to extract code=<authCodeRandomString>
from the browser, so that I can use it in a request to get the access token?
I have a WebGL version of the application that uses JavaScript in index.html, which has window.addEventListener
and then calls C# method getAuthResults
, but I don’t know how to do it in Windows.
function startAuth(authRequest)
{
console.log("Start auth has been called");
window.addEventListener('message', function (e)
{
myGameInstance.SendMessage('OAuth', 'getAuthResults', e.data);
}, false);
var childwin;
const childname = "Authenticate";
childwin = window.open(authRequest, childname, 'height=500px, width=500px');
childwin.focus();
};
The discussions I found on this topic were WebGL Unity talking to another browser window. But I wasn’t able to see a discussion combining Windows Unity app and browser.
Tor context, here is my callback.html:
<!DOCTYPE html>
<html lang="en-us">
<head>
<h1>You can now return to the application.</h1>
<script>
//Parse query string helper function
function getParameterByName(name, url = window.location.href)
{
name = name.replace(/[\[\]]/g, '\\$&');
var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)'), results = regex.exec(url);
if (!results)
{
return null;
}
if (!results[2])
{
return '';
}
return decodeURIComponent(results[2].replace(/\+/g, ' '));
}
//Get auth code from query string
var code = getParameterByName('code');
//Get state from query string
var state = getParameterByName('state');
window.opener.postMessage(code + "," + state, "*")
</script>
</head>
<body>
<script>
// Set the Access-Control-Allow-Origin header
header("Access-Control-Allow-Origin: *");
</script>
</body>
</html>