We have an existing enterprise app that we are porting to Quest. The app is built using Unity and an OAuth service (Azure B2C) is used for authentication. Currently, we support multiple authentication flows, including using browser based authentication and reading QR codes using the built in camera on devices where typing is inconvenient, such as Microsoft HoloLens.
I'm trying to find the recommended path for secure authentication for Oculus Quest.
Thing's I've tried:
browser authentication does not work since the Oculus browser does not appear to allow intent-filters to open applications as per Android default behaviour, see https://forums.oculusvr.com/developer/discussion/89646/feature-request-allow-appps-to-be-launched-via-intent-filters-from-oculus-browser#latest
QR authentication does not work, since no QR reading framework is available on the device like it is on other platforms (HoloLens 2 and even Windows Mixed Reality headsets), and since the cameras are not directly accessible to developers either.
Quest does seem to have some provisioning for authentication through it's own companion app, but I can find no mention that we can develop our own 3rd party companion app to handle authentication this way?
I'm sure there are many other developers looking to authenticate their Quest users through OAuth; how did you manage this?
