Essentials
Authentication
Updated: Apr 6, 2026
Every Meta Quest user has a Meta account. Your app can use this account to identify users, access platform features like leaderboards and achievements, and enable social features like friends lists and multiplayer. Authentication on Horizon OS is built on OAuth 2.0, so the patterns are familiar if you’ve integrated with other identity providers.
How authentication works
When your app requests user identity, Horizon OS handles the authentication flow through the platform. The user doesn’t need to enter credentials inside your app — they’re already signed into their Meta account on the headset. Your app receives a token that identifies the user and grants access to the platform features you’ve requested.
Key capabilities
- User identity — Get a unique, stable user ID for your app without requiring a separate login
- Access tokens — OAuth 2.0 tokens for calling Meta Platform APIs
- Account linking — Connect Meta accounts to your own backend identity system
- Federated authentication — Let users sign into third-party services through Meta’s authentication flow
- Permissions — Request specific data access (friends list, avatar, user profile) with user consent
- Entitlement checks — Verify that the user owns your app before granting access to content
Common patterns
Entitlement verification
Every app distributed on the Meta Horizon Store should verify that the user has a valid entitlement (purchase or free-to-download claim) before granting access. This prevents unauthorized copies from running.
Account linking
If your app has its own user account system — for cross-platform progression, a web dashboard, or an existing player base — you can link Meta accounts to your backend accounts. The user authenticates once, and your app maps their Meta ID to your internal user ID.
With the user’s consent, you can access their Meta friends list to enable social features: invite friends to multiplayer sessions, show who’s online, or build a social feed. Friends data is scoped to users who also have your app installed.
Privacy and data use
Authentication gives your app access to user data, which comes with responsibilities:
- Request only what you need — Don’t request friends list access if your app doesn’t have social features
- Complete the Data Use Checkup (DUC) — Required before your app can access platform APIs in production
- Respect user choices — Handle declined permissions gracefully with fallback behavior
- Follow Meta’s Platform Policy — Governs how you store, use, and share user data
Build path implementation guides
Each build path provides its own SDK and API for implementing authentication:
- Unreal:Account linking
- Spatial SDK:Account linking
- Native:Account linking
- Android apps:Authentication
Design guidelines
For best practices on designing authentication, privacy, and user trust:
User considerations
- Designing safety and user empowerment in social immersive apps: Empower users to confidently manage their participation in social virtual spaces.
- Designing for privacy: Help users feel safe and build trust with privacy design.
- Localization: Localization and translation guidance.
- Accessibility: Make your app accessible.
- Comfort: Make your app comfortable for your users.
Virtual reality / Meta Horizon
Support and legal
Virtual reality / Meta Horizon
Support and legal
Virtual reality / Meta Horizon
Support and legal
English (US)
© 2026 Meta