Way to get the game-center verification signature with Unity.

unity_ios_verificationsignature.md

Even tho Unity has implemented a game-center api (Social api) it doesn't have a way to generate a verification signature, which you need to use game-center as a authentication method.

Luckily the objective-c code required is pretty straight forward. (Apple documentation: generateIdentityVerificationSignature)

#import <Foundation/Foundation.h>
#import <GameKit/GameKit.h>

typedef void (*IdentityVerificationSignatureCallback)(const char * publicKeyUrl, const char * signature, int signatureLength, const char * salt, int saltLength, const uint64_t timestamp, const char * error);

extern void generateIdentityVerificationSignature(IdentityVerificationSignatureCallback callback) {
    
    GKLocalPlayer * localPlayer = [GKLocalPlayer localPlayer];

    NSLog(@"LocalPlayer: %@", localPlayer.playerID);
    [localPlayer generateIdentityVerificationSignatureWithCompletionHandler:^(NSURL * publicKeyUrl, NSData * signature, NSData * salt, uint64_t timestamp, NSError * error) {

        NSLog(@"Received 'generateIdentityVerificationSignature' callback, error: %@", error.description);

        // Create a pool for releasing the resources we create
        @autoreleasepool {
            
            // PublicKeyUrl
            const char * publicKeyUrlCharPointer = NULL;
            if (publicKeyUrl != NULL)
            {
                const NSString * publicKeyUrlString = [[NSString alloc] initWithString:[publicKeyUrl absoluteString]];
                publicKeyUrlCharPointer = [publicKeyUrlString UTF8String];
            }

            // Signature
            const char * signatureBytes = [signature bytes];
            int signatureLength = (int)[signature length];

            // Salt
            const char * saltBytes = [salt bytes];
            int saltLength = (int)[salt length];

            // Error
            const NSString * errorString = error.description;
            const char * errorStringPointer = [errorString UTF8String];

            // Callback
            callback(publicKeyUrlCharPointer, signatureBytes, signatureLength, saltBytes, saltLength, timestamp, errorStringPointer);
        }
    }];
}

Strings are marshalled automatically for us and for the byte[]'s we pass a pointer to the obj-c memory, that way we can copy the data into managed arrays.

// Add a using for: AOT
// Add a using for: System.Runtime.InteropServices

[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
private delegate void IdentityVerificationSignatureCallback(
    string publicKeyUrl, 
    IntPtr signaturePointer, int signatureLength,
    IntPtr saltPointer, int saltLength,
    ulong timestamp,
    string error);

[DllImport("__Internal")]
private static extern void generateIdentityVerificationSignature(
    [MarshalAs(UnmanagedType.FunctionPtr)]IdentityVerificationSignatureCallback callback);

// Note: This callback has to be static because Unity's il2Cpp doesn't support marshalling instance methods.
[MonoPInvokeCallback(typeof(IdentityVerificationSignatureCallback))]
private static void OnIdentityVerificationSignatureGenerated(
    string publicKeyUrl, 
    IntPtr signaturePointer, int signatureLength,
    IntPtr saltPointer, int saltLength,
    ulong timestamp,
    string error)
{
    // Create a managed array for the signature
    var signature = new byte[signatureLength];
    Marshal.Copy(signaturePointer, signature, 0, signatureLength);

    // Create a managed array for the salt
    var salt = new byte[saltLength];
    Marshal.Copy(saltPointer, salt, 0, saltLength);

    UnityEngine.Debug.Log($"publicKeyUrl: {publicKeyUrl}");
    UnityEngine.Debug.Log($"signature: {signature.Length}");
    UnityEngine.Debug.Log($"salt: {salt.Length}");
    UnityEngine.Debug.Log($"timestamp: {timestamp}");
    UnityEngine.Debug.Log($"error: {error}");
}

You can then call generateIdentityVerificationSignature and give it OnIdentityVerificationSignatureGenerated as a callback, you can then in the callback save the results to a static variable for example.

Note: this assumes that the user is already logged-in to game-center, luckily Unity has already implemented the api to login:

Social.localUser.Authenticate(success =>
{

});

For info on where to place the objective-c code Unity has a manual page: PluginsForIOS

Hey Bastian, thanks for this gist! I ran into some trouble when building in XCode however, was wondering if you'd be able to lend a hand:

Undefined symbols for architecture arm64: "_generateIdentityVerificationSignature", referenced from: _IOSService_LinkWithPlayFab_m50C06AB4A24D0671D8FFFA339CDF9E97E004B60B in Assembly-CSharp1.o _IOSService_generateIdentityVerificationSignature_m984F45BAEDBD21D460CB748008F996C974F752BE in Assembly-CSharp1.o _U3CU3Ec__DisplayClass3_0_U3CLinkWithPlayFabU3Eb__0_m41D6AB0E02E8D40953DC88EC2554F12591BEED1F in Assembly-CSharp1.o (maybe you meant: _IOSService_generateIdentityVerificationSignature_m984F45BAEDBD21D460CB748008F996C974F752BE) ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation)

The code in the project is exactly as shown here, aside from some minor changes in the .mm file (that shouldn't be causing this linker issue). Thanks in advance for any help you can provide!

Hey Jacob,

Sounds like Unity did not include the objective-c code and it fails to link the extern void generateIdentityVerificationSignature in the c# to the objective-c function.

You could double check if the .m file (its objective-c not objective-c++ so .m is sufficient however .mm will work also), is flagged to be included in Unity:

The obj-c uses the GameKit api so its important make the obj-c file depend on the GameKit framework.

Alternatively you could check in the xcode project if the code with the generateIdentityVerificationSignature obj-c function is present.

Thanks for the swift reply! I've now got it fixed. The plugin was set up correctly in Unity, but changing it to a .m file instead of .mm seemed to do the trick. I also renamed the file to how you had it named, but I don't think that made any difference. Thanks again for your help!

Good to hear that it works, interesting that .mm did not work. Could be that the c++ function name mangling caused a mismatch between the expected function name, anyway good to know.

Hi, I don't full remember anymore but i think "error: (null)" is the success case (where there as no error). Do the rest of these logs output anything? At least i saw 'signature: 256' in your message, suggesting at least a signature array was passed through to the c# side. " UnityEngine.Debug.Log($"publicKeyUrl: {publicKeyUrl}"); UnityEngine.Debug.Log($"signature: {signature.Length}"); UnityEngine.Debug.Log($"salt: {salt.Length}"); UnityEngine.Debug.Log($"timestamp: {timestamp}"); UnityEngine.Debug.Log($"error: {error}"); " One thing i didn't include in the snipped is how you get it out of the 'OnIdentityVerificationSignatureGenerated' c# method, easiest way is to assign what you are interested in to static variables. So your entry point calls 'generateIdentityVerificationSignature(OnIdentityVerificationSignatureGenerated);' and then gets the result by reading those static variables. We'll get this working :) Greetings, Bastian

…

On Tue, May 5, 2020 at 9:18 PM martman100 ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ I know it has been a few months but in the process of implementing this. Everything builds and runs fine except I am getting the following in Xcode after I build from Unity on my windows laptop. The GameCenter Signature statement is a debug.log so I could see what is. Basically I created a c# class with your code in the second example an then added the following public method that I call from another class. I am no objective-c programmer so not sure what I am doing wrong or what I am missing. It built and deployed to my ios device just fine but gives the error: (null) which seems to be the callback response was null. I wasn't sure where the publickeyurl and such comes from. Thanks again! public void GetVerificationSignature() { generateIdentityVerificationSignature(OnIdentityVerificationSignatureGenerated); } GameCenter Signature: 2020-05-05 13:32:45.572989-0400 toughtruck[28182:37077378] Received 'generateIdentityVerificationSignature' callback, error: (null) GameCenterIdentityServices:OnIdentityVerificationSignatureGenerated(String, IntPtr, Int32, IntPtr, Int32, UInt64, String) signature: 256 GameCenterIdentityServices:OnIdentityVerificationSignatureGenerated(String, IntPtr, Int32, IntPtr, Int32, UInt64, String) GameCenterIdentityServices:OnIdentityVerificationSignatureGenerated(String, IntPtr, Int32, IntPtr, Int32, UInt64, String) GameCenterIdentityServices:OnIdentityVerificationSignatureGenerated(String, IntPtr, Int32, IntPtr, Int32, UInt64, String) GameCenterIdentityServices:OnIdentityVerificationSignatureGenerated(String, IntPtr, Int32, IntPtr, Int32, UInt64, String) -> applicationWillResignActive() — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <https://gist.github.com/bbc02a407b05beaf3f55ead3dd10f808#gistcomment-3291082>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADMSELB7VTYWO3OZP4CFBB3RQBKA3ANCNFSM4KRGF73Q> .

Hey there - I was wondering if you or anyone else in this thread are going to change their authentication-flows now that generateIdentityVerificationSignature is deprecated? I've been learning GameKit recently and have been catching up on these recent changes with player identities and 3rd-party authorization.

I must have accidentally deleted my post. I got this working. What I am now confused on is the fact that it is deprecated. Does that mean if I submit my app to the App Store it will get rejected? If so what is the alternative? My main problem is I am using PlayFab but authentication is up them for what they offer on their services.

I am confused too @martman100 - I see there's authenticateHandler and isAuthenticated now, but those don't help solve the problem of getting the player authenticated by a 3rd party 😑 I don't think your app will get rejected by the App Store if it still has generateIdentityVerificationSignature.

Hey there - I was wondering if you or anyone else in this thread are going to change their authentication-flows now that generateIdentityVerificationSignature is deprecated? I've been learning GameKit recently and have been catching up on these recent changes with player identities and 3rd-party authorization.

Thanks for the heads up about the deprecation, will have to look into that.

I must have accidentally deleted my post. I got this working. What I am now confused on is the fact that it is deprecated. Does that mean if I submit my app to the App Store it will get rejected? If so what is the alternative? My main problem is I am using PlayFab but authentication is up them for what they offer on their services.

Good to hear that you got it working. Atm i don't think you will be rejected, at work we are using this in two live projects and have had no problems shipping updates. But it's an interesting question what the replacement api for this is.

From this doc here, it seems that 3rd-party authentication is no longer necessary... what do you guys think?

To authenticate the local player, you create your own method that sets the authenticateHandler property. The method retrieves the shared instance of the GKLocalPlayer class and then sets that object’s authenticateHandler property to point to a block object that handles authentication events. Once you set an authentication handler, Game Kit automatically authenticates the player asynchronously, calling your authentication handler as necessary to complete the process.

The problem I am having is 3rd party auth for services like PlayFab that are being used through Unity 3D. Not sure what the appropriate process there is now

The problem I am having is 3rd party auth for services like PlayFab that are being used through Unity 3D. Not sure what the appropriate process there is now

Also having some trouble finding the replacement api, we are using the gamecenter as a way to authenticate to our own account system. So we need some way to verify the users identity on the backend.

This type of stuff makes it really difficult to get away from using Facebook for 3rd party auth and verification. My focus is mobile games on android and IOS and Facebook is just not the desire now for authentication.

Okay so... hiding in the source is the new auth-handle called fetchItemsForIdentityVerificationSignature. It looks like the same signature as the deprecated generateIdentityVerificationSignature but with teamPlayerId instead.

Okay so... hiding in the source is the new auth-handle called fetchItemsForIdentityVerificationSignature. It looks like the same signature as the deprecated generateIdentityVerificationSignature but with teamPlayerId instead.

Nice. thanks allot for sharing that. I'm happy we don't need to do major changes to our login 😄

Okay so... hiding in the source is the new auth-handle called fetchItemsForIdentityVerificationSignature. It looks like the same signature as the deprecated generateIdentityVerificationSignature but with teamPlayerId instead.

Nice. thanks allot for sharing that. I'm happy we don't need to do major changes to our login 😄

Did you manage to tackled this problem? I'm on the same situation, If you did it, could you please update unity_ios_verificationsignature.md, or sharing your experience? thanks!

I must admit we didn't get around to it yet 😊

Hello there, I need to convert byte arrays of salt and signature to strings(in C#). Do I just use Convert.ToBase64String or there is some other method for it. Thanks in advance!

That would depend on what format the service you are using expects it in.

On the backend you end up needing both as raw bytes. You use salt, playerId, bundleId and timestamp to generate a new hash and then compare that to the signature using Apple's public key.
Apple has some more info on the (now deprecated 😢) docs for 'generateIdentityVerificationSignature'.

But having said that, if you are using an external service with a http api, its highly likely they expect them to be base64 encoded indeed. But their documentation should really say the format.

Hello there, I need to convert byte arrays of salt and signature to strings(in C#). Do I just use Convert.ToBase64String or there is some other method for it. Thanks in advance!

FWIW, PlayFab expects base64 encoded salt and signature.

Updated the code to work with new auth handle fetchItemsForIdentityVerificationSignature + some casts to make it work.

.m File

#import <Foundation/Foundation.h>
#import <GameKit/GameKit.h>

typedef void (*IdentityVerificationSignatureCallback)(const char * publicKeyUrl, const char * signature, int signatureLength, const char * salt, int saltLength, const uint64_t timestamp, const char * error);

extern void generateIdentityVerificationSignature(IdentityVerificationSignatureCallback callback) {
    
    GKLocalPlayer * localPlayer = [GKLocalPlayer localPlayer];

    NSLog(@"LocalPlayer: %@", localPlayer.playerID);
    
    [localPlayer fetchItemsForIdentityVerificationSignature:^(NSURL * _Nullable publicKeyURL, NSData * _Nullable signature, NSData * _Nullable salt, uint64_t timestamp, NSError * _Nullable error) {

        NSLog(@"Received 'generateIdentityVerificationSignature' callback, error: %@", error.description);

        // Create a pool for releasing the resources we create
        @autoreleasepool {
            
            // PublicKeyUrl
            const char * publicKeyUrlCharPointer = NULL;
            if (publicKeyURL != NULL)
            {
                const NSString * publicKeyUrlString = [[NSString alloc] initWithString:[publicKeyURL absoluteString]];
                publicKeyUrlCharPointer = [publicKeyUrlString UTF8String];
            }


            // Signature
            const char * signatureBytes = (char*)[signature bytes];
            int signatureLength = (int)[signature length];

            // Salt
            const char * saltBytes = (char*)[salt bytes];
            int saltLength = (int)[salt length];

            // Error
            const NSString * errorString = error.description;
            const char * errorStringPointer = [errorString UTF8String];

            // Callback
            callback(publicKeyUrlCharPointer, signatureBytes, signatureLength, saltBytes, saltLength, timestamp, errorStringPointer);
        }
    }];
}

.cs file

[UnmanagedFunctionPointer(CallingConvention.Cdecl)]
    public delegate void IdentityVerificationSignatureCallback(
        string publicKeyUrl, 
        IntPtr signaturePointer, int signatureLength,
        IntPtr saltPointer, int saltLength,
        ulong timestamp,
        string error);

    [DllImport("__Internal")]
    public static extern void generateIdentityVerificationSignature(
        [MarshalAs(UnmanagedType.FunctionPtr)]IdentityVerificationSignatureCallback callback);

// Note: This callback has to be static because Unity's il2Cpp doesn't support marshalling instance methods.
    [MonoPInvokeCallback(typeof(IdentityVerificationSignatureCallback))]
    public static void OnIdentityVerificationSignatureGenerated(
        string publicKeyUrl, 
        IntPtr signaturePointer, int signatureLength,
        IntPtr saltPointer, int saltLength,
        ulong timestamp,
        string error)
    {
        // Create a managed array for the signature
        var signature = new byte[signatureLength];
        Marshal.Copy(signaturePointer, signature, 0, signatureLength);

        // Create a managed array for the salt
        var salt = new byte[saltLength];
        Marshal.Copy(saltPointer, salt, 0, saltLength);

        UnityEngine.Debug.Log($"publicKeyUrl: {publicKeyUrl}");
        UnityEngine.Debug.Log($"signature: {signature.Length}");
        UnityEngine.Debug.Log($"salt: {salt.Length}");
        UnityEngine.Debug.Log($"timestamp: {timestamp}");
        UnityEngine.Debug.Log($"error: {error}");
    }