Jawschamp · January 19, 2020 09:44 · Jawschamp · Jan 17, 2020 · Jawschamp · Jan 18, 2020
diff --git a/authflow.py b/authflow.py
 import requests
 import json
 from flask import Flask, send_file
 from threading import Thread
 import time

 # Constants. These should not be tampered with.
 app = Flask(__name__)
 Thread(target=app.run, args=("0.0.0.0", 8080)).start()

 # Constants. These should not be tampered with.
 base = "https://www.epicgames.com"
 base_public_service = "https://account-public-service-prod03.ol.epicgames.com"
 launcher_token = "MzQ0NmNkNzI2OTRjNGE0NDg1ZDgxYjc3YWRiYjIxNDE6OTIwOWQ0YTVlMjVhNDU3ZmI5YjA3NDg5ZDMxM2I0MWE=" 
 fortnite_token = "ZWM2ODRiOGM2ODdmNDc5ZmFkZWEzY2IyYWQ4M2Y1YzY6ZTFmMzFjMjExZjI4NDEzMTg2MjYyZDM3YTEzZmM4NGQ="

 # Fill out.
 email = ""
 password = ""
 two_factor_code = "" # Leave empty if you want to take an input from the console.


 def authenticate(session):
    # Request to fetch all cookies needed. With the request module all the
    # cookies are automatically stored in the session cookie jar.
    session.get(f"{base}/id/api/csrf")

    # Attempt to login with email and password.
    res = session.post(
        f"{base}/id/api/login", 
        headers={
            "x-xsrf-token": session.cookies.get("XSRF-TOKEN")
        },
        data={
            "email": email,
            "password": password,
            "rememberMe": False,
            "captcha": ""
        },
        cookies=session.cookies
    )
    
    if res.status_code == 400:
        raise ValueError("Wrong email/password entered.")

    if res.status_code == 409:
        return authenticate(session)

    # Do two factor authentication if necessary.
    if res.status_code == 431:
        # Since the user we are trying to log in as requires two factor authentication,
        # we have to fetch a new xsrf token and use that to authenticate with mfa and
        # for the rest of the requests.
        session.get(f"{base}/id/api/csrf")

        res = session.post(
            f"{base}/id/api/login/mfa",
            headers={
                "x-xsrf-token": session.cookies.get("XSRF-TOKEN")
            },
            data={
                "code": two_factor_code or input("Please enter the 2fa code: "),
                "method": "authenticator",
                "rememberDevice": False  # set to True if you want the device to be remembered
            },
            cookies=session.cookies
        )
        
        if res.status_code == 400:
            raise ValueError("Wrong 2fa code entered.")
    
    # Fetch exchange code.
    res = session.get(
        f"{base}/id/api/exchange", 
        headers={
            "x-xsrf-token": session.cookies.get("XSRF-TOKEN")
        },
        cookies=session.cookies
    )
    exchange_code = res.json()["code"]

    # Exchange the code to fetch the launcher access token.
    res = session.post(
        f"{base_public_service}/account/api/oauth/token", 
        headers={
            "Authorization": f"basic {launcher_token}"
        },
        data={
            "grant_type": "exchange_code",
            "exchange_code": exchange_code,
            "token_type": "eg1"
        }
    )
    launcher_access_token = res.json()["access_token"]
    
    # The following code will use the launcher access token to retrieve
    # a fortnite access token. If you don't require fortnite permissions
    # you can cut out the part below.
    res = session.get(
        f"{base_public_service}/account/api/oauth/exchange",
        headers={
            "Authorization": f"Bearer {launcher_access_token}"
        }
    )
    exchange_code = res.json()["code"]

    res = session.post(
        f"{base_public_service}/account/api/oauth/token",
        headers={
            "Authorization": f"basic {fortnite_token}"
        },
        data={
            "grant_type": "exchange_code",
            "token_type": "eg1",
            "exchange_code": exchange_code
        }
    )

    # NOTE: Tokens expires after eight hours.
    fortnite_access_token = res.json()["access_token"]
    print(fortnite_access_token)
    with open("Auth.json", "w+") as f:
      f.write(json.dumps({"Token": fortnite_access_token}))

 while True:
 	time.sleep(90)
 	with requests.Session() as session:
 		authenticate(session)


 @app.route('/')
 def FNStatus():
  try:
    return send_file('Auth.json')
  except Exception as e4:
    return str(e4)

 if __name__ == '__main__':
    app.run(debug=True)
	import requests
	import json
	from flask import Flask, send_file
	from threading import Thread
	import time

	# Constants. These should not be tampered with.
	app = Flask(__name__)
	Thread(target=app.run, args=("0.0.0.0", 8080)).start()

	# Constants. These should not be tampered with.
	base = "https://www.epicgames.com"
	base_public_service = "https://account-public-service-prod03.ol.epicgames.com"
	launcher_token = "MzQ0NmNkNzI2OTRjNGE0NDg1ZDgxYjc3YWRiYjIxNDE6OTIwOWQ0YTVlMjVhNDU3ZmI5YjA3NDg5ZDMxM2I0MWE="
	fortnite_token = "ZWM2ODRiOGM2ODdmNDc5ZmFkZWEzY2IyYWQ4M2Y1YzY6ZTFmMzFjMjExZjI4NDEzMTg2MjYyZDM3YTEzZmM4NGQ="

	# Fill out.
	email = ""
	password = ""
	two_factor_code = "" # Leave empty if you want to take an input from the console.


	def authenticate(session):
	# Request to fetch all cookies needed. With the request module all the
	# cookies are automatically stored in the session cookie jar.
	session.get(f"{base}/id/api/csrf")

	# Attempt to login with email and password.
	res = session.post(
	f"{base}/id/api/login",
	headers={
	"x-xsrf-token": session.cookies.get("XSRF-TOKEN")
	},
	data={
	"email": email,
	"password": password,
	"rememberMe": False,
	"captcha": ""
	},
	cookies=session.cookies
	)

	if res.status_code == 400:
	raise ValueError("Wrong email/password entered.")

	if res.status_code == 409:
	return authenticate(session)

	# Do two factor authentication if necessary.
	if res.status_code == 431:
	# Since the user we are trying to log in as requires two factor authentication,
	# we have to fetch a new xsrf token and use that to authenticate with mfa and
	# for the rest of the requests.
	session.get(f"{base}/id/api/csrf")

	res = session.post(
	f"{base}/id/api/login/mfa",
	headers={
	"x-xsrf-token": session.cookies.get("XSRF-TOKEN")
	},
	data={
	"code": two_factor_code or input("Please enter the 2fa code: "),
	"method": "authenticator",
	"rememberDevice": False # set to True if you want the device to be remembered
	},
	cookies=session.cookies
	)

	if res.status_code == 400:
	raise ValueError("Wrong 2fa code entered.")

	# Fetch exchange code.
	res = session.get(
	f"{base}/id/api/exchange",
	headers={
	"x-xsrf-token": session.cookies.get("XSRF-TOKEN")
	},
	cookies=session.cookies
	)
	exchange_code = res.json()["code"]

	# Exchange the code to fetch the launcher access token.
	res = session.post(
	f"{base_public_service}/account/api/oauth/token",
	headers={
	"Authorization": f"basic {launcher_token}"
	},
	data={
	"grant_type": "exchange_code",
	"exchange_code": exchange_code,
	"token_type": "eg1"
	}
	)
	launcher_access_token = res.json()["access_token"]

	# The following code will use the launcher access token to retrieve
	# a fortnite access token. If you don't require fortnite permissions
	# you can cut out the part below.
	res = session.get(
	f"{base_public_service}/account/api/oauth/exchange",
	headers={
	"Authorization": f"Bearer {launcher_access_token}"
	}
	)
	exchange_code = res.json()["code"]

	res = session.post(
	f"{base_public_service}/account/api/oauth/token",
	headers={
	"Authorization": f"basic {fortnite_token}"
	},
	data={
	"grant_type": "exchange_code",
	"token_type": "eg1",
	"exchange_code": exchange_code
	}
	)

	# NOTE: Tokens expires after eight hours.
	fortnite_access_token = res.json()["access_token"]
	print(fortnite_access_token)
	with open("Auth.json", "w+") as f:
	f.write(json.dumps({"Token": fortnite_access_token}))

	while True:
	time.sleep(90)
	with requests.Session() as session:
	authenticate(session)


	@app.route('/')
	def FNStatus():
	try:
	return send_file('Auth.json')
	except Exception as e4:
	return str(e4)

	if __name__ == '__main__':
	app.run(debug=True)