UnrealGameSync, Horde, and OIDC Auth Issues

Hi all,

I’m having trouble with OIDC authentication (Google via Dex) in Horde/UGS:

• Horde auth works fine.
• When switching to OIDC, authentication succeeds (Connected To Horde shows) but precompiled binaries are not accessible.
• The client makes the request for the artifacts but pulls nothing; making the same request in an authenticated browser returns the expected JSON.
  • https://horde.DOMAIN.com/api/v2/artifacts?type\=ugs\-pcb\&key\=ugs\-project%3D%2F%2Fatreya%2Fdev%2FAtreya%2FAtreya.uproject\&maxResults\=100
• Noticed references to “CloudStorage” and how its preferred over horde for PCBs, and is linked to CloudDDC - is there any documentation on this?

Any insights on resolving the OIDC issue or clarification on CloudStorage would be appreciated.

Steps to Reproduce

Hey there,

For general debugging advice regarding OIDC I’d suggest giving this a whirl. For Horde auth you can inspect & define the entitlements pretty clearly - but for OIDC path it may be that the entitlements are not making it through somehow for the PCBS?

I’ll loop in an SME to see if they have any thoughts beyond the debugging doc.

Kind regards,

Julian

Hey there,

Would it be possible to get the logs from UGS - we should get a little more context from the failed HTTP and perhaps some further clues.

Kind regards,

Julian

Here are the ugs logs.

[21:18:01.437 inf] [Startup] Application version: 5.6.0.0

[21:18:01.455 inf] [Startup] Started at 12/08/2025 21:18:01

[21:18:01.458 inf] [Startup] SessionId: 99c3d0aa-d763-4fda-8583-7f070750bcb8

[21:18:01.458 inf] [Telemetry] Creating telemetry sink for session 99c3d0aa-d763-4fda-8583-7f070750bcb8

[21:18:01.465 inf] [Startup] Installed protocol handler to user hive

[21:18:01.637 inf] [OpenProjectInf] Detecting settings for F:\Perforce\sean_DT-SS-01_Primary\Atreya\Atreya.uproject

[21:18:01.709 inf] [OpenProjectInf] Found branch root at //sean_DT-SS-01_Primary

[21:18:01.799 inf] [MainWindow] Opening Main Window for 1 projects. Last Project F:\Perforce\sean_DT-SS-01_Primary\Atreya\Atreya.uproject

[21:18:01.846 inf] [MainWindow] Trying to open project //sean_DT-SS-01_Primary/Atreya/Atreya.uproject

[21:18:01.910 wrn] [WorkspaceContr] Unable to determine cloud host and namespace from project’s UnrealGameSync.ini. Specify Host=<host> and Namespace=<namespace> in the [CloudStorage] section of your UnrealGameSync.ini to enable snapshot import.

[21:18:01.979 inf] [EventMonitor] Using connection string: https://horde.DOMAIN.com/ugs

[21:18:02.043 inf] [EventMonitor] Polling for events…

[21:18:02.045 inf] [IssueMonitor] Using connection string: https://horde.DOMAIN.com/ugs

[21:18:02.051 inf] [MainWindow] Inserted tab 0

[21:18:02.056 inf] [IssueMonitor] Polling for issues…

[21:18:02.382 inf] [IssueMonitor] Done in 326ms.

[21:18:02.414 inf] [EventMonitor] Done in 371ms.

[21:18:03.860 inf] [EventMonitor] Polling for events…

[21:18:04.016 inf] [EventMonitor] Done in 155ms.

[21:18:14.046 inf] [EventMonitor] Polling for events…

[21:18:14.295 inf] [EventMonitor] Done in 249ms.

[21:18:44.301 inf] [EventMonitor] Polling for events…

[21:18:44.437 inf] [EventMonitor] Done in 135ms.

[21:18:50.262 inf] [EventMonitor] Polling for events…

[21:18:50.504 inf] [EventMonitor] Done in 242ms.

[21:19:02.392 inf] [IssueMonitor] Polling for issues…

[21:19:02.521 inf] [IssueMonitor] Done in 128ms.

[21:19:20.515 inf] [EventMonitor] Polling for events…

[21:19:20.650 inf] [EventMonitor] Done in 134ms.

So while I can tick “Sync Precompiled Binaries” - it only has available the ones on perforce, ie the ones we did before we moved to horde.

If i switch horde’s auth to “Horde” then i can sync to the latest horde incremental build.

Also to note - if i enable OIDC auth, log in to horde fine, but then go to https://horde.DOMAIN.com/api/v1/account/entitlements I get a 404.

Let me know if you need anymore info or if anything else is worth testing, thanks for the help!

Hey there,

Nothing really jumps out in the log here.

HORDE_URL/account/entitlements should be the correct API endpoint (no api/v1 required). Once we you have the entitlements, we can see if there’s something missing here.

Julian

{“administrator”:true,“scopes”:[{“name”:“horde”,“actions”:[“AdminRead”,“AdminWrite”,“CreateAgent”,“CreateBisectTask”,“CreateJob”,“CreateProject”,“CreateStream”,“CreateSubscription”,“DeleteAgent”,“DeleteProject”,“DeleteStream”,“DeviceRead”,“DeviceWrite”,“DownloadArtifact”,“Impersonate”,“IssueBearerToken”,“ListAgents”,“ListPools”,“ReadArtifact”,“RetryJobStep”,“UpdateAgent”,“UpdateBisectTask”,“UpdateJob”,“UpdateProject”,“UpdateStream”,“ViewAgent”,“ViewBisectTask”,“ViewChanges”,“ViewEvent”,“ViewJob”,“ViewLog”,“ViewPool”,“ViewProject”,“ViewStream”,“ViewTemplate”]}]}

This is my curr

Hey there,

Just generally speaking it looks like you have DownloadArtifact ACL, but it’s not clear whether their scope is correct? You should probably have a scope for your specific project.

[mention removed]​ - is there anything that’s jumping out here regarding ACL config for UGS artifact downloads?

Kind regards,

Julian

Hey,

Digging through the code paths here it looks like the “ReadArtifact” ACL is the one which is used, this is present in your entitlements so it shouldn’t be an issue.

Also the fact that you have admin set would by pass any other ACL query so I’m pretty confident this is not ACL related.

I do know we have seen some quirks with pulling PCB’s from Horde. There is an alternative approach if this ends up being a non-starter which is pulling PCB’s from perforce. The Cloud option you mentioned has not officially been rolled out yet but is something we are building confidence in internally.

In terms of next steps if you do want to continue down the pulling PCB’s from Horde route I would recommend following the debug steps in Julian’s guide which he linked above. That should help you isolate where the exact issue is here.

Hope this helps.