포스트 날짜 수정: '2025-06-21 10:00:00 +0900'에서 '2025-06-21 09:30:00 +0900'으로 변경하여 정확한 시간 정보를 반영하였습니다.

realcoding2003 · realcoding2003 · commit 84e645116d2e · 2025-06-22T16:53:37.000+09:00
diff --git a/_posts/2025-06-21-unity-firebase-auth-journey-en.md b/_posts/2025-06-21-unity-firebase-auth-journey-en.md
@@ -0,0 +1,187 @@
+---
+layout: post
+title: "Unity + Firebase Authentication Journey: From Anonymous to Account Linking"
+date: 2025-06-21 10:00:00 +0900
+categories: [Development, Unity]
+tags: [Unity, Firebase, Authentication, AccountLinking, AWS, Lambda, AuthSystem, GameDevelopment]
+author: "Kevin Park"
+excerpt: "Seamless experience for both guests and members! From Firebase Anonymous Auth to Account Linking - real implementation trials and solutions"
+image: "/assets/images/posts/firebase-auth-journey/hero.png"
+mermaid: true
+lang: en
+---
+
+# Unity + Firebase Authentication Journey: From Anonymous to Account Linking
+
+![Unity Firebase Authentication System](/assets/images/posts/firebase-auth-journey/hero.png)
+*The trials and errors encountered while implementing Firebase dual authentication system in Unity*
+
+## 🤦‍♂️ It All Started with This Problem
+
+**Problem**: How to allow guest users to save data in a game app while preserving their existing data when they sign up later?
+
+**Solution**: Implement seamless user experience with Firebase Anonymous Authentication + Account Linking
+
+Initially, I thought "Can't we just use device ID?" But I realized data would be lost when changing devices or reinstalling the app. Firebase Anonymous Auth was the answer.
+
+```mermaid
+graph TD
+    A[App Start] --> B{User Status}
+    B -->|Guest| C[Firebase Anonymous Auth]
+    B -->|Member| D[Firebase Email Auth]
+    C --> E[Device-specific JWT Issuance]
+    D --> F[Member JWT Issuance]
+    E --> G{Sign-up Request?}
+    G -->|Yes| H[Account Linking]
+    G -->|No| I[Continue as Guest]
+    H --> J[Existing Data + Member Conversion]
+```
+
+## 💻 Core Implementation Code
+
+### Firebase Anonymous Authentication (Unity)
+
+```csharp
+// Initially, I only did this...
+FirebaseAuth.DefaultInstance.SignInAnonymouslyAsync().ContinueWith(task => {
+    if (task.IsCompletedSuccessfully) {
+        FirebaseUser user = task.Result.User;
+        Debug.Log("Anonymous login successful: " + user.UserId);
+    }
+});
+
+// Actually need to get ID Token for server verification
+private async void AuthenticateAnonymously() {
+    try {
+        var result = await FirebaseAuth.DefaultInstance.SignInAnonymouslyAsync();
+        var idToken = await result.User.GetIdTokenAsync(false);
+        
+        // Send ID Token to server
+        await SendDeviceAuthRequest(idToken);
+    } catch (Exception e) {
+        Debug.LogError($"Anonymous authentication failed: {e.Message}");
+    }
+}
+```
+
+### Account Linking Implementation (The most challenging part)
+
+```csharp
+// Initially didn't understand why this wasn't working
+private async void LinkWithEmail(string email, string password) {
+    try {
+        var credential = EmailAuthProvider.GetCredential(email, password);
+        
+        // Key: Link email account to current anonymous user
+        var result = await FirebaseAuth.DefaultInstance.CurrentUser
+            .LinkWithCredentialAsync(credential);
+            
+        // Notify server with new ID Token
+        var newIdToken = await result.User.GetIdTokenAsync(false);
+        await SendLoginRequest(newIdToken);
+        
+        Debug.Log("Account Linking successful!");
+    } catch (FirebaseException e) {
+        if (e.ErrorCode == AuthError.EmailAlreadyInUse) {
+            Debug.LogError("Email is already in use");
+        }
+    }
+}
+```
+
+### Server-side Processing (AWS Lambda)
+
+```javascript
+// User processing after Firebase ID Token verification
+exports.handler = async (event) => {
+    try {
+        const { idToken } = JSON.parse(event.body);
+        
+        // Verify token with Firebase Admin SDK
+        const decodedToken = await admin.auth().verifyIdToken(idToken);
+        const { uid, email, firebase } = decodedToken;
+        
+        // Query existing user from DynamoDB
+        const existingUser = await getUserByUID(uid);
+        
+        if (existingUser) {
+            // Account Linking: Anonymous → Member conversion
+            if (!existingUser.email && email) {
+                await updateUserToMember(uid, email);
+                return { 
+                    success: true, 
+                    isUpgrade: true,
+                    message: "Can continue using existing JWT token"
+                };
+            }
+        } else {
+            // Create new user
+            await createNewUser(uid, email || null);
+        }
+        
+        // Issue JWT (no distinction between anonymous/member)
+        const jwt = generateJWT({ uid, email, type: email ? 'user' : 'anonymous' });
+        
+        return { success: true, jwt, isNewUser: !existingUser };
+    } catch (error) {
+        return { success: false, error: error.message };
+    }
+};
+```
+
+## 🔧 Lessons Learned from Trial and Error
+
+### 1. Importance of Unified JWT Secret
+Initially, I tried to create separate JWT secrets for anonymous and member users. This caused users to be logged out when Account Linking invalidated existing tokens.
+
+**Solution**: Use single JWT secret to ensure session continuity during mode transitions
+
+### 2. Firebase ID Token Expiration Handling
+Firebase ID Tokens expire every hour. I didn't know this initially and wondered "Why does authentication suddenly fail?"
+
+**Solution**: Firebase SDK automatically refreshes tokens, so no additional client-side handling needed
+
+### 3. DynamoDB User Data Structure
+```json
+{
+  "uid": "firebase_uid_here",
+  "type": "anonymous", // or "user"
+  "email": null, // Updated during Account Linking
+  "createdAt": "2025-06-21T10:00:00Z",
+  "lastLoginAt": "2025-06-21T15:30:00Z",
+  "learningData": { /* Game progress data */ }
+}
+```
+
+**Key Point**: During Account Linking, only update `type` and `email` while preserving `learningData`
+
+### 4. Importance of Network Error Handling
+High dependency on Firebase makes the system sensitive to network issues. Offline scenarios must also be considered.
+
+```csharp
+// Including retry logic
+private async Task<string> GetIdTokenWithRetry(int maxRetries = 3) {
+    for (int i = 0; i < maxRetries; i++) {
+        try {
+            return await FirebaseAuth.DefaultInstance.CurrentUser.GetIdTokenAsync(false);
+        } catch (Exception e) {
+            if (i == maxRetries - 1) throw;
+            await Task.Delay(1000 * (i + 1)); // Exponential backoff
+        }
+    }
+    return null;
+}
+```
+
+## 💡 Results and Insights
+
+### Achievements
+- **Perfect Data Continuity**: 100% data preservation during guest → member transition
+- **Seamless UX**: So natural that users don't notice mode transitions
+- **Scalable Architecture**: Social login additions possible with the same pattern
+
+### Limitations
+- **Firebase Dependency**: Entire authentication system vulnerable to Firebase outages
+- **Token Management Complexity**: JWT expiration handling on client-side more challenging than expected
+
+I plan to add OAuth social login using the same Account Linking pattern. Hope this helps anyone implementing similar systems, and please share better approaches in the comments if you know any! 🙏
diff --git a/_posts/2025-06-21-unity-firebase-auth-journey-ja.md b/_posts/2025-06-21-unity-firebase-auth-journey-ja.md
@@ -0,0 +1,187 @@
+---
+layout: post
+title: "Unity + Firebase認証の苦労話：Anonymousからアカウントリンクまで"
+date: 2025-06-21 10:00:00 +0900
+categories: [Development, Unity]
+tags: [Unity, Firebase, Authentication, AccountLinking, AWS, Lambda, 認証システム, ゲーム開発]
+author: "Kevin Park"
+excerpt: "ゲストユーザーも会員も自然に！Firebase Anonymous Authからアカウントリンクまでの実装過程の試行錯誤と解決策"
+image: "/assets/images/posts/firebase-auth-journey/hero.png"
+mermaid: true
+lang: ja
+---
+
+# Unity + Firebase認証の苦労話：Anonymousからアカウントリンクまで
+
+![Unity Firebase Authentication System](/assets/images/posts/firebase-auth-journey/hero.png)
+*UnityでFirebase二重認証システムを実装する際に経験した試行錯誤*
+
+## 🤦‍♂️ こんな悩みから始まった
+
+**問題**: ゲームアプリでゲストユーザーもデータを保存し、後から会員登録しても既存データを失わないようにするには？
+
+**解決**: Firebase Anonymous Authentication + アカウントリンクでスムーズなユーザー体験を実装
+
+最初は「デバイスIDを使えばいいんじゃない？」と思ったが、デバイス変更やアプリ再インストール時にデータが消失するのを見て気づいた。Firebase Anonymous Authが答えだった。
+
+```mermaid
+graph TD
+    A[アプリ開始] --> B{ユーザー状態}
+    B -->|ゲスト| C[Firebase Anonymous Auth]
+    B -->|会員| D[Firebase Email Auth]
+    C --> E[デバイス別JWT発行]
+    D --> F[会員JWT発行]
+    E --> G{会員登録要求?}
+    G -->|Yes| H[アカウントリンク]
+    G -->|No| I[ゲストのまま継続]
+    H --> J[既存データ + 会員転換]
+```
+
+## 💻 核心実装コード
+
+### Firebase Anonymous認証 (Unity)
+
+```csharp
+// 最初はこれだけしかしなかった...
+FirebaseAuth.DefaultInstance.SignInAnonymouslyAsync().ContinueWith(task => {
+    if (task.IsCompletedSuccessfully) {
+        FirebaseUser user = task.Result.User;
+        Debug.Log("匿名ログイン成功: " + user.UserId);
+    }
+});
+
+// 実際にはID Tokenまで取得してサーバーで検証可能にする必要がある
+private async void AuthenticateAnonymously() {
+    try {
+        var result = await FirebaseAuth.DefaultInstance.SignInAnonymouslyAsync();
+        var idToken = await result.User.GetIdTokenAsync(false);
+        
+        // サーバーにID Token送信
+        await SendDeviceAuthRequest(idToken);
+    } catch (Exception e) {
+        Debug.LogError($"匿名認証失敗: {e.Message}");
+    }
+}
+```
+
+### アカウントリンク実装 (最も苦労した部分)
+
+```csharp
+// 最初はなぜこれが動かないのかわからなかった
+private async void LinkWithEmail(string email, string password) {
+    try {
+        var credential = EmailAuthProvider.GetCredential(email, password);
+        
+        // キーポイント: 現在の匿名ユーザーにメールアカウントをリンク
+        var result = await FirebaseAuth.DefaultInstance.CurrentUser
+            .LinkWithCredentialAsync(credential);
+            
+        // 新しいID Tokenでサーバーに通知
+        var newIdToken = await result.User.GetIdTokenAsync(false);
+        await SendLoginRequest(newIdToken);
+        
+        Debug.Log("アカウントリンク成功!");
+    } catch (FirebaseException e) {
+        if (e.ErrorCode == AuthError.EmailAlreadyInUse) {
+            Debug.LogError("既に使用中のメールアドレスです");
+        }
+    }
+}
+```
+
+### サーバーサイド処理 (AWS Lambda)
+
+```javascript
+// Firebase ID Token検証後のユーザー処理
+exports.handler = async (event) => {
+    try {
+        const { idToken } = JSON.parse(event.body);
+        
+        // Firebase Admin SDKでトークン検証
+        const decodedToken = await admin.auth().verifyIdToken(idToken);
+        const { uid, email, firebase } = decodedToken;
+        
+        // DynamoDBから既存ユーザー照会
+        const existingUser = await getUserByUID(uid);
+        
+        if (existingUser) {
+            // アカウントリンク: 匿名 → 会員転換
+            if (!existingUser.email && email) {
+                await updateUserToMember(uid, email);
+                return { 
+                    success: true, 
+                    isUpgrade: true,
+                    message: "既存JWTトークンで継続使用可能です"
+                };
+            }
+        } else {
+            // 新規ユーザー作成
+            await createNewUser(uid, email || null);
+        }
+        
+        // JWT発行 (匿名/会員を区別しない)
+        const jwt = generateJWT({ uid, email, type: email ? 'user' : 'anonymous' });
+        
+        return { success: true, jwt, isNewUser: !existingUser };
+    } catch (error) {
+        return { success: false, error: error.message };
+    }
+};
+```
+
+## 🔧 試行錯誤の過程で学んだこと
+
+### 1. JWT Secret統一の重要性
+最初は匿名用、会員用JWT Secretを別々に作ろうとした。アカウントリンク時に既存トークンが無効化されてユーザーがログアウトされる問題が発生した。
+
+**解決**: 単一JWT Secret使用でモード切り替え時のセッション継続性を保証
+
+### 2. Firebase ID Token有効期限処理
+Firebase ID Tokenは1時間ごとに期限切れになる。最初はこれを知らずに「なぜ急に認証できなくなるんだ？」と思った。
+
+**解決**: Firebase SDKが自動で更新してくれるのでクライアントサイドで別途処理不要
+
+### 3. DynamoDBユーザーデータ構造
+```json
+{
+  "uid": "firebase_uid_here",
+  "type": "anonymous", // または "user"
+  "email": null, // アカウントリンク時に更新
+  "createdAt": "2025-06-21T10:00:00Z",
+  "lastLoginAt": "2025-06-21T15:30:00Z",
+  "learningData": { /* ゲーム進行データ */ }
+}
+```
+
+**キーポイント**: アカウントリンク時は`type`と`email`のみ更新し、`learningData`はそのまま維持
+
+### 4. ネットワークエラー処理の重要性
+Firebase依存度が高い分、ネットワーク問題に敏感である。オフライン状況も考慮する必要がある。
+
+```csharp
+// リトライロジック含む
+private async Task<string> GetIdTokenWithRetry(int maxRetries = 3) {
+    for (int i = 0; i < maxRetries; i++) {
+        try {
+            return await FirebaseAuth.DefaultInstance.CurrentUser.GetIdTokenAsync(false);
+        } catch (Exception e) {
+            if (i == maxRetries - 1) throw;
+            await Task.Delay(1000 * (i + 1)); // 指数バックオフ
+        }
+    }
+    return null;
+}
+```
+
+## 💡 結果と学んだ点
+
+### 成果
+- **完璧なデータ継続性**: ゲスト → 会員転換時のデータ100%保存
+- **スムーズなUX**: ユーザーがモード切り替えを意識しないほど自然
+- **拡張可能な構造**: ソーシャルログイン追加も同じパターンで可能
+
+### 惜しい点
+- **Firebase依存性**: Firebase障害時に認証システム全体が麻痺
+- **トークン管理の複雑性**: クライアントサイドでのJWT有効期限処理が思ったより面倒
+
+今後はOAuthソーシャルログインも同じアカウントリンクパターンで追加予定である。同じようなシステムを実装される方々の参考になれば幸いで、より良い方法をご存知の方がいればコメントで共有してください！🙏
