Not signed in
Copyright © 2026 Unity Technologies
Summary
The Authentication SDK leaks low-level exceptions (JsonReaderException, NullReferenceException) instead of RequestFailedException under hostile/blocked network conditions
The sign-in failure path in AuthenticationServiceInternal does not defensively convert all network failure modes into the public RequestFailedException contract. Under certain hostile or blocked network conditions, lower-level exceptions leak to the caller. The intended contract is that all sign-in failures surface as RequestFailedException with an ErrorCode; instead the following escape:
Manifestation 1 — non-JSON error body
When a request fails and an intermediate node (proxy, captive portal, gateway 4xx/5xx) returns an HTML body, AuthenticationExceptionHandler.ConvertException attempts to deserialize it as JSON and throws JsonReaderException: Unexpected character encountered while parsing value: <. This is logged raw before being wrapped, masking the true network cause. (Observed via support tickets 2387027, 2251942.)
Manifestation 2 — null response
When requests are fully blocked / SSL fails, CompleteSignIn(response) is called with a null response and throws an uncaught NullReferenceException. HandleSignInRequestAsync only explicitly handles RequestException/WebRequestException, so the NRE is not converted to RequestFailedException.
Steps to reproduce:
Manifestation 1: Sign in while an intermediate node returns an HTML error page (reproducible under poor connectivity / captive portal).
Manifestation 2:
Actual results: Raw JsonReaderException (manifestation 1) and uncaught NullReferenceException (manifestation 2) escape the intended contract.
Expected results: Both conditions surface as RequestFailedException with an appropriate transport/network ErrorCode and a clear message; no raw JsonReaderException or NullReferenceException reaches caller code or logs.
Reproducible with versions: UGS Authentication 3.6.1 and 3.7.1
Not reproducible with versions:
Can’t test with versions: Tested on (OS): IOS
Notes:
Sign in to see your voted issues