Skip to main content

Frequently Asked Questions

Common questions and solutions for authentication, BLUI, platform issues, and integration with the Unreal SDK.

Authentication

This is not possible due to security reasons. Vendors like Google also block login through webviews because the hosting applications can steal credentials.
Never use WebView for authentication. It’s a security risk and violates OAuth best practices.
See Why is the in-app browser used for Passport login on mobile and not a webview? for more details.
The in-app browser is specifically designed for single sign-on (SSO) purposes, making it a much more secure option. This browser runs on a separate process from the hosting game, meaning the game cannot access it, modify any content, or inject malicious code.
FeatureIn-App BrowserWebView
Process isolation✅ Separate process❌ Same process as app
App can inject code❌ No✅ Yes (security risk)
App can intercept requests❌ No✅ Yes (security risk)
Designed for SSO✅ Yes❌ No
WebView gives the hosting game full control, allowing it to intercept requests and inject JavaScript. This is why OAuth providers like Google block WebView authentication.Platform implementations:
To securely implement PKCE, we must use ASWebAuthenticationSession, which shows an alert. This alert cannot be removed or modified as the operating system triggers it.
This is a security feature designed to protect users from unauthorized authentication attempts. Any attempt to bypass it will cause app rejection.
Learn more about ASWebAuthenticationSession
This error occurs because you are attempting to log in using a webview instead of a browser. Google blocks authentication attempts from WebViews because they can be exploited to steal user credentials. The hosting app has full control over WebView content, including the ability to inject JavaScript and intercept requests.Use the system browser or in-app browser (SFSafariViewController/Chrome Custom Tabs) instead of WebView. The Unreal SDK uses Chrome Custom Tabs (Android) and SFSafariViewController (iOS) by default.Refer to Can I log in using a webview instead of opening the browser? for more information.

Getting Started & Integration

You can use the zkEVM Send Transaction function in the Unreal SDK to call your smart contract crafting function.
Crafting typically involves calling a smart contract that burns input NFTs and mints a new crafted NFT.
It is possible to adapt the architecture and implementation of the Unreal SDK for use in your custom engine.There are two main components involved: Game bridge (index.uasset) and platform-specific web browser implementations.Game bridgeThe index.uasset serves as a bridge between the Unreal SDK and the TypeScript SDK. The game-bridge package enables the Unreal SDK to interact with the necessary TypeScript SDK packages (e.g. passport, config, x-provider) using string-based communication. To integrate the TypeScript SDK packages with the Unreal SDK, the required TypeScript SDK packages and the game-bridge package are bundled into a index.js file and then converted into Unreal Engine asset file format index.uasset.Web BrowserThe Unreal Engine codebase provides developers with the WebBrowser module to run websites and the WebBrowserWidget plugin to render those websites within your Unreal Engine project across a variety of platforms:Note: On Windows, make sure you run the index file using Chromium Embedded Framework (CEF) version 90 or higher. The CEF libraries in Unreal Engine 4 versions are outdated and cannot execute the source code of the internal libraries. Therefore, we require the BLUI plugin to be used instead of the WebBrowserWidget plugin. More on that here.In-app browserOn mobile and desktop platforms, an in-app browser is used for the Proof Key for Code Exchange (PKCE) flow:Native code (Android, iOS, macOS) is written for each platform to launch the in-app browser from the Unreal SDK and handle deep linking into the game.Adapting for Your Custom Engine
  • Reuse the Index File: You can reuse our index file, but you may need to rewrite how it communicates with the web browser. This involves modifying the callbackToGame() function in the TypeScript SDK’s game-bridge/index.ts file. After making your changes, you must bundle and generate the index file (refer to our README).
  • Use the Passport Implementation as an example: You can adopt the Unreal Engine Immutable Passport implementations if you use C++. Additionally, you must adapt the communication between your custom engine and the web browser.
  • Reuse PKCE Implementation: Most PKCE implementations can be reused as they are written in the platform’s native languages. However, you must adapt the communication between your custom engine and the native code.
If you use C++, you can reuse significant portions of our Unreal SDK implementation directly.

Platform & Technical Issues

As of 6 May 2025, PKCE is supported on Windows (alpha release). Prior to this date, PKCE was only available on Android, iOS, and macOS.
DateEvent
Before May 6, 2025PKCE only on Android, iOS, macOS
May 6, 2025PKCE Windows support (alpha)
July 1, 2025Device Code Authorization sunset
Device Code Authorization will be sunset on July 1, 2025 across all platforms. Migrate to PKCE before this date.
We strongly recommend developers begin migrating to PKCE to ensure a smooth transition before the sunset date.
Both BLUI and Epic’s WebBrowserWidget plugin utilise the Chromium Embedded Framework (CEF) in the background. The Immutable plugin requires CEF to run its internal libraries, including player/gamer authentication procedures. In Unreal Engine 4, the CEF libraries are outdated and cannot execute the source code of the internal libraries. Therefore, we require the BLUI plugin to be used instead of the WebBrowserWidget plugin.
PlatformCEF Version NeededUE4 WebBrowserWidgetBLUI Plugin
WindowsCEF 90+❌ Outdated✅ Up-to-date
AndroidN/A✅ Native WebViewN/A
iOS/macOSN/A✅ WKWebViewN/A
Unreal Engine 5 may have updated CEF libraries. Check your UE version’s CEF version if using UE5.
This issue is known and occurs with Unreal Engine 4.26 and 4.27. If you are having trouble running the Xsolla plugin with the Immutable Unreal SDK and BLUI plugins enabled, it is because of a conflict between Chromium Embedded Framework browser processes.Our Immutable plugin needs the BLUI plugin to be enabled (check here for more details). However, the Xsolla plugin also requires Chromium Embedded Framework to run and relies on Epic’s WebBrowser module for that, which leads to conflicts when both plugins are used together.
PluginCEF RequirementImplementation
Immutable SDKRequires BLUIUses BLUI’s CEF
Xsolla SDKRequires WebBrowserUses Epic’s WebBrowser CEF
Result❌ Both plugins enabledCEF process conflict
This is a known limitation with UE 4.26 and 4.27. No perfect solution exists without engine or plugin modifications.
Workarounds:
  1. Use only one plugin at a time (not ideal for production)
  2. Upgrade to Unreal Engine 5 (may resolve CEF conflicts)
  3. Contact Xsolla support for alternative integration methods

Regional Support

The Immutable Game SDK supports only the regions that Immutable Passport supports.Passport is a globally available product. However, our wallet infrastructure is subject to the regulation of the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). OFAC administers and enforces comprehensive and targeted economic and trade sanctions programs on multiple countries and regions.Users attempting to access Passport in any of the regions under OFAC sanction will have their access blocked and will be unable to use our product. Additionally, components of Passport’s infrastructure also rely on technology provided by Magic, which maintains further details regarding unsupported regions on their website here.

Still Need Help?

https://mintcdn.com/immutable-b818fae7/ptG7XFZC6gCkZMoj/icons/unreal.svg?fit=max&auto=format&n=ptG7XFZC6gCkZMoj&q=85&s=ee5ed7fe3b2d9f45d7b60dc8928d77c0

Unreal SDK

Complete Unreal SDK documentation

GitHub Issues

Report Unreal SDK issues

Support

Contact support team

Documentation

Browse all documentation