-
-
Save iXyles/ec40cb40a2a186425ec6bfb9dcc2ddda to your computer and use it in GitHub Desktop.
using System; | |
using System.Linq; | |
using System.Net; | |
using Newtonsoft.Json; | |
using RestSharp; | |
namespace FNFlowAuthNETCore | |
{ | |
public class EpicFortniteAuthFlow | |
{ | |
static void Main(string[] args) | |
{ | |
new EpicFortniteAuthFlow(); | |
} | |
public EpicFortniteAuthFlow() | |
{ | |
var email = ""; | |
var password = ""; | |
Console.WriteLine(GetOAuthToken(email, password)); | |
Console.ReadKey(); | |
} | |
public string GetOAuthToken(string email, string password, CookieContainer cookieJar = null, string authMethod = null) | |
{ | |
if (cookieJar == null) | |
cookieJar = new CookieContainer(); | |
var client = new RestClient("https://www.epicgames.com/id/api/") | |
{ | |
CookieContainer = cookieJar | |
}; | |
var csrfRes = client.Execute(new RestRequest("csrf", Method.GET)); | |
var token = csrfRes.Cookies.First(x => x.Name == "XSRF-TOKEN").Value; | |
var loginRequest = new RestRequest(!string.IsNullOrEmpty(authMethod) ? "login/mfa" : "login", Method.POST) | |
.AddHeader("Content-Type", "application/x-www-form-urlencoded") | |
.AddHeader("x-xsrf-token", token); | |
if (!string.IsNullOrEmpty(authMethod)) | |
{ | |
try | |
{ | |
Console.Write("Two factor detected, write the 6 number code from 2FA: "); | |
var authKey = Int32.Parse(Console.ReadLine()); | |
var twoStep = client.Execute(loginRequest | |
.AddParameter("code", authKey) | |
.AddParameter("method", authMethod) | |
.AddParameter("rememberDevice", false)); | |
if (twoStep.StatusCode == HttpStatusCode.BadRequest) | |
return "WRONG AUTHENTICATED 2AUTH KEY"; | |
} | |
catch (Exception) | |
{ | |
return "WRONG AUTHENTICATED 2AUTH KEY"; | |
} | |
} | |
else | |
{ | |
IRestResponse loginRes = client.Execute(loginRequest | |
.AddParameter("email", email) | |
.AddParameter("password", password) | |
.AddParameter("rememberMe", true)); | |
if (loginRes.StatusCode == HttpStatusCode.Conflict) | |
return GetOAuthToken(email, password, cookieJar); | |
if (loginRes.StatusCode == HttpStatusCode.RequestHeaderFieldsTooLarge) | |
return GetOAuthToken(email, password, cookieJar, (string) JsonConvert.DeserializeObject<dynamic>(loginRes.Content)["metadata"].twoFactorMethod); | |
} | |
var exchangeRes = client.Execute( | |
new RestRequest("exchange", Method.POST) | |
.AddHeader("x-xsrf-token", token)); | |
var oauthClient = new RestClient("https://account-public-service-prod03.ol.epicgames.com/account/api/oauth/token"); | |
var oauthRes = oauthClient.Execute( | |
new RestRequest(Method.POST) | |
.AddHeader("Content-Type", "application/x-www-form-urlencoded") | |
.AddHeader("Authorization", "basic MzQ0NmNkNzI2OTRjNGE0NDg1ZDgxYjc3YWRiYjIxNDE6OTIwOWQ0YTVlMjVhNDU3ZmI5YjA3NDg5ZDMxM2I0MWE=") | |
.AddParameter("grant_type", "exchange_code") | |
.AddParameter("exchange_code", JsonConvert.DeserializeObject<dynamic>(exchangeRes.Content)["code"]) | |
.AddParameter("includePerms", true) | |
.AddParameter("token_type", "eg1")); | |
return JsonConvert.DeserializeObject<dynamic>(oauthRes.Content)["access_token"]; | |
} | |
} | |
} |
I'm having difficulty implementing this for myself but I did verify the changes you made are working. Thanks for making an update!
- GET
/id/api/csrf
and getXSRF-TOKEN
- POST
/id/api/login
and set 'x-xsrf-token' token in header and cookie from #1 - login returns
errors.com.epicgames.accountportal.session_invalidated
on first call - Send Cookie from #1 to
/id/api/csrf
and get the newXSRF-TOKEN
and cookie - POST
/id/api/login
and set 'x-xsrf-token' to token in header and cookie from #4
I just keep getting the errors.com.epicgames.accountportal.session_invalidated
error.
Hello Marcus.
I was searching Google to find a snippet for Epic Games web-based authentication and i came across your Github. I tried to copy exactly what you had but I'm getting an error saying that Authorization code was not found or is invalid. I would really appreciate it if you can help me with this issue. I just don't understand where i need to get the Authorization code. I have been told that it's base64 of client id and client secret. Below is my snippet. Any help is appreciate it.
var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(CLIENT_ID:CLIENT_SECRET));
var oauthClient = new RestClient(https://api.epicgames.dev/epic/oauth/v1/token);
var oauthRes = oauthClient.Execute(
new RestRequest(Method.POST)
.AddHeader("Content-Type", "application/x-www-form-urlencoded")
.AddHeader("Host", "api.epicgames.dev")
.AddHeader("Authorization", "Basic "+ credentials)
.AddParameter("grant_type", "authorization_code")
.AddParameter("deployment_id", "a5aa686defa64131b1edc48c31b40d1a")
.AddParameter("scope", "basic_profile")
.AddParameter("code", code)
.AddParameter("redirect_uri", "https://test:44300/EOSAuth"));
var res = JsonConvert.DeserializeObject<dynamic>(oauthRes.Content);
Sorry, I am not fully sure that I understand your use-case of what you are trying to do. This is an old gist of how you did it earlier in an easy way. I am not planning to create a gist/version of what you are trying to do above.
var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(CLIENT_ID:CLIENT_SECRET));
Client_ID + CLIENT_SECRET both code are stored in binary,
but luckily I can read base64 decode and this is what it looks like:
Authorization Header is present: basic MzQ0NmNkNzI2OTRjNGE0NDg1ZDgxYjc3YWRiYjIxNDE6OTIwOWQ0YTVlMjVhNDU3ZmI5YjA3NDg5ZDMxM2I0MWE=
code is above..
Decoded Username:Password= 3446cd72694c4a4485d81b77adbb2141:9209d4a5e25a457fb9b07489d313b41a
so ez..
They did a modification to the flow yes, if you get a status conflict code as result from the login endpoint, re-do the xsrf (but you've to send the cookies from first login attempt & xsrf) and then do the login again.
PS: This gist got updated yesterday to make it work again, so yes it does work :)