Secure Session Recovery
The SDK offers the option to store session wallet information securely on select platforms using native secure storage.
Recovering Sessions
By default, the SDK will require users to sign in everytime the app is closed completely. This is because, by default, we do not write the session wallet information (e.g. private keys) to any form of persistent storage for user security.
However, on select platforms, we have integrated with the platform’s native secure storage offering.
If you enable StoreSessionPrivateKeyInSecureStorage
in your SequenceConfig
ScriptableObject, we will automatically store the session wallet information for you (on supported platforms) and expose the ability to attempt to recover the session in SequenceLogin
. The default LoginPanel
will automatically handle the UI flow for this as well (see Authentication). If the platform is not supported, this flag will have no effect.
See below the supported platforms and to learn about the platform’s secure storage solution - it is important to understand the basics of how these systems work and think carefully about the security implications of storing private keys (or any secret for that matter) in persistent storage.
iOS
On iOS, we leverage the iOS Keychain.
MacOS
On MacOS, we leverage the MacOS Keychain.
Windows
On Windows PCs, we leverage the Crypto: Next Generation - Data Protection API (CNG DPAPI)
Web
On Web builds, we leverage IndexedDB via PlayerPrefs.
Android
On Android builds, we leverage the Android Keystore.
The first step is to import the AndroidKeyBridge.java
plugin into your Assets folder. This is most easily done via Samples in the package manager - simply import the sample titled Android Secure Storage
.
Our Keystore plugin for Unity (included in the SDK) requires a Custom Main Gradle Template. Please navigate to your Project Settings, then under Player > Publishing Settings
enable Custom Main Gradle Template
. This will create a file Assets/Plugins/Android/mainTemplate.gradle
(or similar, the editor will show you the path) if you don’t have one already. Here is an example mainTemplate.gradle
file; please copy/paste this (or incorporate into your existing file).
Our Keystore plugin also requires a Custom Gradle Properties Template. Again, navigate to your Project Settings, then under Player > Publishing Settings
enable Custom Gradle Properties Template
. This will create a file Assets/Plugins/Android/gradleTemplate.properties
(or similar, the editor will show you the path) if you don’t have one already. Here is an example gradleTemplate.properties
file; please copy/paste this (or incorporate into your existing file).
Troubleshooting
If you run into issues with secure storage or Google Sign-In on Android, go through the following troubleshooting steps.
- Google Sign-In: Ensure the
data android:scheme
value in yourAndroidManifest.xml
file matches theUrl Scheme
in yourSequenceConfig.asset
file. Make sure it’s all lowercase. - Secure Storage: Ensure your
mainTemplate.gradle
correctly defines theandroidx.security:security-crypto
plugin such that it is not overwritten by any other plugin or the Android Plugin Resolver. - Try our Demo: Install our demo build
and ensure this build runs fine on your device.
- Compare your Unity project settings (AndroidManifest, gradle files, Android player settings) with our sdk project.
- Additional Ideas: Uninstall your app before installing a new build, change your url scheme or bundle id.
Editor
In the editor, we use PlayerPrefs for private key storage. You will also need to enable ‘EditorStoreSessionPrivateKeyInSecureStorage’ in SequenceConfig in order to use secure storage and recover sessions from within the editor. This separate flag makes it easier for you to test both flows without modifying the behaviour of your builds. Secure storage in the editor is for development purposes only and should not be considered secure for long-term storage.