You may prefer watching a video instead of reading, here it is!

Weeks ago, I published a course on Udemy explaining how Unity and Amazon Cognito can work together. In one of the lectures of the course, I mentioned that reading Cognito tokens in Unity brings some advantages: since important information is contained in those tokens, we can get rid of a Cognito API call to retrieve user information. The counterpart would be that it could be somehow challenging to decode JWTs in Unity. But we love challenges so let’s do it!

If you want to know how to use Amazon Cognito as a user directory or if you want to connect Unity with Amazon services such as Lambda, S3, or DynamoDB, I recommend you check my new course on Udemy:

That said, let’s start!

Cognito works with JSON web tokens (or JWTs). After logging in with a Cognito user, Cognito sends 3 JSON web tokens to the Unity client: access, ID and refresh tokens. Those tokens contain important information that can be extracted and used by the Unity client. In this post, we will focus on the ID token, since it contains interesting information about the user.

In order to create those tokens, Cognito first converts the original JSON data into binary data and then into text data thanks to the base64 algorithm. Just a side comment about a common mistake: JSON web tokens are NOT encrypted; they are encoded, meaning that they can be easily decoded on the client side. Plenty of online tools such as jwt.io offer JWT decoding.

To decode JSON web tokens in Unity, we are going to do the reverse process: convert the text data into binary data and then into a string thanks to UTF-8. We could also use ASCII but I recommend using UTF-8 to handle a large range of characters: Russian, Chinese, etc.

Now, let’s talk about the padding characters. When it comes to base64 decoding, the length of the data text must be a multiple of four. I won’t enter into details because that’s something complex with octets and sextets but anyway! If the length of the data text is not a multiple of four, we must add the necessary padding characters at the end. The padding character in base64 is always the equals sign (=). 

And here is the code:

Notes:

• JWTs consist of three parts separated by dots: header, payload, and signature. So, we will split the ID token thanks to the Split function (9) and we ensure that it contains three parts (11). Otherwise, this is not a valid token. 
• The information we need is contained in the payload, so we isolate it (13).
• We calculate how many padding characters we will add at the end of the payload. So first, we calculate the remainder of the division by four using the modulo operator (14).
• If the remainder is equal to zero, we can decode the text. Otherwise, we calculate how many characters are missing (18) and we add the padding characters at the end of the payload (19). 
• We convert the data into binary (22) thanks to the FromBase64String function and into string thanks to the GetString function (23).
• The resulting string is a JSON string, so we convert it into an object (25) and we show it on screen (26).

That’s it! This post was a bit more technical than other posts of mine but you can now decode Cognito tokens and more generally JSON web tokens in Unity. 

Thanks for reading until the end! If you have any feedback or suggestions, please reach out to me on my social networks:

Alexandre Bruffa

The post Reading JWTs in Unity appeared first on ab.

Check it out: Unity + Amazon Cognito: The ultimate guide 2024!

This course focuses on how Unity and Amazon Cognito can work together and is divided into two main parts: using Cognito as a user directory and as an authorization service for Unity.

In the first part of the course we will see how Amazon Cognito can be used as a user directory. We will learn how to create, retrieve, and delete users from Unity. I will also show you some advanced features of Cognito such as the hosted UI or the federation endpoints and how to log in to a Cognito user with a Google account.

In the second part of the course, we will use Amazon Cognito as an authorization service. We will access Lambda, S3, and DynamoDB from Unity with guest and authenticated users. We will also see the pros and cons of having a direct integration vs. exposing an endpoint and how Cognito can act as an authorizer to secure an endpoint.

I conceived this course as a practice guide; beyond learning Cognito concepts and features, I will show how to write functional C# code in Unity scripts and how to use the AWS console with different Amazon services.

I really hope you will like it and find it useful for your future personal or professional projects. If you have some feedback or suggestions, please reach out to me on my social networks:

Alexandre Bruffa

The post Unity + Amazon Cognito: My New Course on Udemy! appeared first on ab.

Days ago, I published an article about creating a simple signup flow with Unity3D and AWS Cognito. Some days later, Yan Cui published an excellent article about a passwordless integration with Vue, Amplify, and AWS Cognito. I talked with him later, and he asked me the following:

Out of curiosity, what client did you use for Unity, the C# AWS SDK?

I did not use the AWS SDK for .NET; since integrating Unity and Cognito is relatively simple, I used “Vanilla” Unity. At this point, I started to doubt my own words. Is it easier to use Vanilla Unity over the AWS SDK? Let’s see.

Dealing With the AWS SDK for .NET

Do you remember my article about building a monitoring system? I used there the AWS SDK to integrate Unity and S3. Please refer to it for a detailed explanation of the NuGet mechanism.

For the current integration, we need the AWS core and the AWS Cognito packages. Since the AWS SDK functions use asynchronous tasks, we also need the AsyncInterfaces package.

We download the three packages, unzip them, and place the DLL files in the Plugins folder of our project:

The Code

First of all, we create the Cognito client:

Notes:

• We use the AmazonCognitoIdentityProviderClient constructor to create a new Cognito client.
• Since we connect as an anonymous user (without credentials, IAM user, or other), we use the class AnonymousAWSCredentials.
• We specify the region where the Cognito User Pool has been created (In my case, Ohio).

Then, we create the signup function with the following code:

Notes:

• The class Task is a pure .NET mechanism to manage asynchronous processes. You can call it in Unity with the await operator within an async function.
• We add an email attribute to perform an email confirmation.
• We perform the signup thanks to the SignUpRequest and SignUpAsync classes as specified in the documentation.

And here is the confirm function:

Notes:

• We send the code we received by email.
• We perform the signup confirmation thanks to the ConfirmSignUpRequest and ConfirmSignUpAsync classes, as specified in the documentation.

Conclusion

Working with the AWS SDK in Unity is complex: you have to install the SDK through the NuGet website, work with .NET asynchronous classes, create a client, deal with the credentials, and check the AWS documentation to implement the functions.

However, working with the AWS SDK is a good practice; it may be a bit tedious for this particular case, but it is a game changer for complex processes like a file upload to S3. Furthermore, almost all the AWS SDK implementations have the same structure (Task -> Request -> Function), making it much easier after successfully performing your first implementation.

Thanks for reading this article. I hope you liked it!

The post Signing Up Users From Unity3D to AWS Cognito Using the AWS SDK for .NET appeared first on ab.

Weeks ago, a nice guy reached out to me on LinkedIn. He told me the following:

Hey, Alexandre, how are you? I’m trying to register users in an AWS Cognito User Pool from a Unity3D app, but I’m struggling to find literature for this. Could you help me to build a simple signup flow?

Oh, this is interesting! I usually receive questions on my social networks, but this one deserves a detailed answer. Let’s see.

If you prefer watching a video instead of reading, please check the following video:

The Cognito Signup Flow

The Cognito documentation tells us the following:

1. A user first signs up to Cognito. State: Unconfirmed
2. Then, the signup needs to be confirmed. There are three ways to do it: the user can do it by email or phone, it can be done with an admin function, or it can be done automatically with a Lambda trigger. State: Confirmed.
3. The user can log in.

User Confirm, Admin Confirm, and Automatic confirm:

This article will detail the signup process and the three ways to confirm it.

Cognito

When you create your User Pool, ensure you have chosen a confirmation method. I can be by email or by SMS. In this article, we will perform an email validation.

Also, activate the self-service sign-up so that the users can signup themselves.

The Signup

Here’s what the signup function in Unity looks like:

Notes:

• We send the three mandatory attributes specified in the Cognito documentation: the username, the password, and the User Pool application ID.
• We send the user’s email as a user attribute so that Cognito can send the user an email with a confirmation code.
• The Post function of UnityWebRequest does not support JSON strings and uses a strange HTML string encryption instead. A workaround is to do a weird trick with a byte array and a Put request. Please let me know if you have a better solution in the comments section.
• We specify the value AWSCognitoIdentityProviderService.SignUp as a header.

After executing the code above, Cognito returns in Unity the following answer indicating that the user is not confirmed yet and that an email has been sent:

Let’s check it; a new user appeared in the User Pool with an unconfirmed status:

And we received a no-reply email with the confirmation code:

The Signup Confirmation: The User Way

This is the signup confirmation function in Unity:

Notes:

• We send the three mandatory attributes specified in the Cognito documentation: the username, the confirmation code we received by email, and the User Pool application ID.
• We specify the value AWSCognitoIdentityProviderService.ConfirmSignUp as a header.

After executing the code above, we can observe that the signup has been confirmed:

The user can now log in.

The Signup Confirmation: The Admin Way

Once the user has been created, we can confirm it with a Lambda function in this way:

Notes:

• We use the function admin_confirm_sign_up of boto3 to confirm the user

The Signup Confirmation: The Automatic Way

Another way to confirm the user’s signup is by using a Cognito trigger and a Lambda function.

First of all, we create our Lambda function:

We indicate to Cognito that the user is confirmed, as specified in the Cognito documentation.

Then, we create a pre-sign-up Lambda trigger in Cognito, and we attach our Lambda function:

Go back to Unity. We execute the signup function, and Cognito returns a message indicating that the signup has been automatically confirmed. No email has been sent, and we don’t need the Unity confirmation function.

Costs

Unless you have more than 50,000 MAUs (monthly active users) in your User Pool, Cognito is totally free! Unity3D is also free unless you want to unlock some specific options.

Note that there is a limitation for email sending with Cognito. If you need to send more than 50 emails daily, you should use SES. Suppose that your game is a huge success and has 30k new users in a month; your signup system would cost 3.00 USD monthly.

Closing Thoughts

This article shows three ways of building a whole signup flow using Unity3D and AWS Cognito: with user email confirmation, with admin confirmation, and with automatic confirmation.

I truly hope you liked this article. If you have any questions, don’t hesitate to get in touch with me on my social media. I will be glad to answer you!

Thanks for reading!

The post Building a Simple Signup Flow With Unity3D and AWS Cognito appeared first on ab.