Is there any existing or planned capability to gate content downloads behind some form of authentication (and matching logic in Addressables)? This is currently a blocker for me - thinking I need to move to protected S3 and custom IResourceProvider/IHostingService implementations instead?
It’s certainly been discussed, but nothing will be ready there in the short term. What kind of authentication mechanism would you want to see there? Can you describe your use case a bit and how you plan to manage secrets / auth details?
Hi @dannyd , I’m actually working on an enterprise focused project that allows different customers to access their own content. Eventually I would be integrating with their CMS, but for speed in the concept stage I wanted to just leverage Unity’s solution. Probably the main thing I would be looking for would just be that the stored assets aren’t openly accessible on the internet like they currently are. An API key per bucket for downloads that I can build into my application or get the user to enter locally would tick the diligence box for me at this stage.
@RichLogan_1 thanks for the followup! That is helpful. We have plans to add this sort of functionality, but I don’t have an exact timeline to share there yet.
Hello,
@dannyd , can I ask you if you guys have some update on this topic please?
Will be greate to have something like apple DeviceCheck system, for check if the access is from a valid app. Or a signed URL maybe.
Thanks.
@Milluz no updates to share here yet. It’s on our roadmap this year though.
Hi @RichLogan_1 , I’m the product manager for CCD. We’ve finally gotten around to private content. We’re brainstorming a few solutions and would love to get your thoughts:
- Option 1 would be to provide bucket level access keys. Only users with the access keys would be able to retrieve content from CCD. We imagine this to be similar to how Github allows users to generate keys.
- Option 2 would be to support an IP whitelist per bucket (screenshots below). Only IPs on the list would be able to access content from CCD. We imagine this solution would be in addition to Option 1.
Would either of these solutions work for your needs? Is the bucket level the right level for security?