2025-07-02 –, Theil C1-1 (60p)
Do you recognise this problem? “I want to identify my students in my XR application, so I know who is doing what”. Over the past 2 years TU Delft has been evaluating various approaches to implementing user authentication in XR: what works best, and why. In this session, we will share our findings, as well as our plans to work together with SURF to make this easier for you.
There are various ways to handle user authentication. Some are considered good practice and some bad practice, but what they all have in common is that none of them were designed with XR technology in mind. However, as XR in education matures and the demand for connected applications and data sharing rises, user authentication is becoming a highly requested feature.
In this presentation, you will learn about the various approaches to user authentication and single sign-on (SSO) that we tested over the past 2 years, what their benefits and downsides are, and, most importantly, which approach we recommend for SSO in XR applications with SURFConext.
Since security becomes paramount once you are working with real student data, you will also learn some best practices for building secure and safe connected XR applications in general. This includes topics such as:
- Authentication vs Authorization
- How to connect to databases from XR content
- Secure and insecure contexts
- Data validation and integrity
Our final proposal for an XR-optimised SSO flow is a slightly modified version of the common and well-tested OAuth Device Flow. You will see this flow in action, as we demonstrate how we use this at TU Delft to sign in students with their TU Delft account using SURFConext.
Finally, we will look towards the future. TU Delft is collaborating with SURF and NPuls to further test this proposal, with the goal of providing a standardised solution for handling SSO with SURFConext in XR, including a common authentication server and plug-ins for Unity and Unreal Engine.