
@iXyles
Last active December 4, 2022 07:12
Simple small OAuth flow for Epicgames new login system, 2FA support
using System;
using System.Linq;
using System.Net;
using Newtonsoft.Json;
using RestSharp;
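namespace FNFlowAuthNETCore
{
    /// <summary>
    /// Console sample that signs in to the Epic Games web login API (optionally with a
    /// second factor) and trades the resulting session for an OAuth access token.
    /// </summary>
    public class EpicFortniteAuthFlow
    {
        // SECURITY NOTE: this is an HTTP Basic value (Base64 of "client_id:client_secret")
        // embedded in source. Base64 is an encoding, not encryption, so anyone who can read
        // this file or a compiled build can recover both halves. Prefer loading client
        // credentials from configuration or a secret store instead of committing them.
        private const string OAuthClientAuthorization =
            "basic MzQ0NmNkNzI2OTRjNGE0NDg1ZDgxYjc3YWRiYjIxNDE6OTIwOWQ0YTVlMjVhNDU3ZmI5YjA3NDg5ZDMxM2I0MWE=";

        // Upper bound for the "retry on 409 Conflict" path, which was unbounded recursion before.
        private const int MaxConflictRetries = 3;

        // Sentinel returned (in place of a token) when the second-factor step is rejected.
        private const string WrongTwoFactorMessage = "WRONG AUTHENTICATED 2AUTH KEY";

        static void Main(string[] args)
        {
            new EpicFortniteAuthFlow();
        }

        /// <summary>
        /// Runs the flow once with the credentials below and prints the result.
        /// </summary>
        public EpicFortniteAuthFlow()
        {
            // Left blank on purpose: fill these in locally and never commit real credentials.
            var email = "";
            var password = "";

            // The printed value is a bearer credential. Echoing it is tolerable for an
            // interactive demo only; do not route it into logs or shared terminals.
            Console.WriteLine(GetOAuthToken(email, password));
            Console.ReadKey();
        }

        /// <summary>
        /// Logs in with <paramref name="email"/> and <paramref name="password"/>, prompting on the
        /// console for a second-factor code when the server asks for one, and returns the
        /// <c>access_token</c> field of the final OAuth response.
        /// </summary>
        /// <param name="email">Account e-mail sent to the <c>login</c> endpoint.</param>
        /// <param name="password">Account password sent to the <c>login</c> endpoint.</param>
        /// <param name="cookieJar">Cookie container shared across the requests; a new one is created when null.</param>
        /// <param name="authMethod">Second-factor method name; when non-empty the <c>login/mfa</c> step is performed instead of the password login.</param>
        /// <returns>
        /// The access token, or the literal string <c>WRONG AUTHENTICATED 2AUTH KEY</c> when the
        /// second-factor code is malformed or rejected with HTTP 400. Callers must compare against
        /// that sentinel before treating the result as a token.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// The csrf endpoint returned no <c>XSRF-TOKEN</c> cookie, or the login endpoint kept
        /// answering 409 Conflict after the retry limit.
        /// </exception>
        public string GetOAuthToken(string email, string password, CookieContainer cookieJar = null, string authMethod = null)
        {
            return RequestToken(email, password, cookieJar ?? new CookieContainer(), authMethod, MaxConflictRetries);
        }

        // Performs one pass of the flow; conflictRetriesLeft bounds the 409 retry recursion.
        private string RequestToken(string email, string password, CookieContainer cookieJar, string authMethod, int conflictRetriesLeft)
        {
            var client = new RestClient("https://www.epicgames.com/id/api/")
            {
                CookieContainer = cookieJar
            };

            // The XSRF token is handed out as a cookie and must be echoed back in a header.
            var csrfRes = client.Execute(new RestRequest("csrf", Method.GET));
            var csrfCookie = csrfRes.Cookies.FirstOrDefault(x => x.Name == "XSRF-TOKEN");
            if (csrfCookie == null)
            {
                // Same exception type First() raised before, but with an actionable message.
                throw new InvalidOperationException("The csrf endpoint did not return an XSRF-TOKEN cookie.");
            }

            var token = csrfCookie.Value;
            var isMfaStep = !string.IsNullOrEmpty(authMethod);

            var loginRequest = new RestRequest(isMfaStep ? "login/mfa" : "login", Method.POST)
                .AddHeader("Content-Type", "application/x-www-form-urlencoded")
                .AddHeader("x-xsrf-token", token);

            if (isMfaStep)
            {
                Console.Write("Two factor detected, write the 6 number code from 2FA: ");

                // Keep the code as text: parsing it to an int dropped leading zeros, so a
                // valid code such as "012345" was submitted as "12345" and rejected.
                var authKey = (Console.ReadLine() ?? string.Empty).Trim();
                if (authKey.Length == 0 || !authKey.All(c => c >= '0' && c <= '9'))
                {
                    return WrongTwoFactorMessage;
                }

                var twoStep = client.Execute(loginRequest
                    .AddParameter("code", authKey)
                    .AddParameter("method", authMethod)
                    .AddParameter("rememberDevice", false));

                if (twoStep.StatusCode == HttpStatusCode.BadRequest)
                {
                    return WrongTwoFactorMessage;
                }
            }
            else
            {
                IRestResponse loginRes = client.Execute(loginRequest
                    .AddParameter("email", email)
                    .AddParameter("password", password)
                    .AddParameter("rememberMe", true));

                if (loginRes.StatusCode == HttpStatusCode.Conflict)
                {
                    // The flow is restarted on 409 with the same cookie jar; cap the attempts
                    // so a persistent conflict cannot recurse until the stack overflows.
                    if (conflictRetriesLeft <= 0)
                    {
                        throw new InvalidOperationException("Login kept returning 409 Conflict; giving up after the retry limit.");
                    }

                    return RequestToken(email, password, cookieJar, null, conflictRetriesLeft - 1);
                }

                if (loginRes.StatusCode == HttpStatusCode.RequestHeaderFieldsTooLarge)
                {
                    // HTTP 431 is handled as "second factor required"; the method name is read
                    // from metadata.twoFactorMethod in the response body.
                    return RequestToken(email, password, cookieJar, (string) JsonConvert.DeserializeObject<dynamic>(loginRes.Content)["metadata"].twoFactorMethod, conflictRetriesLeft);
                }

                // NOTE(review): any other status (for example rejected credentials) is not
                // inspected here and falls through to the exchange call below.
            }

            // Trade the authenticated web session for a one-time exchange code.
            var exchangeRes = client.Execute(
                new RestRequest("exchange", Method.POST)
                    .AddHeader("x-xsrf-token", token));

            var oauthClient = new RestClient("https://account-public-service-prod03.ol.epicgames.com/account/api/oauth/token");
            var oauthRes = oauthClient.Execute(
                new RestRequest(Method.POST)
                    .AddHeader("Content-Type", "application/x-www-form-urlencoded")
                    .AddHeader("Authorization", OAuthClientAuthorization)
                    .AddParameter("grant_type", "exchange_code")
                    .AddParameter("exchange_code", JsonConvert.DeserializeObject<dynamic>(exchangeRes.Content)["code"])
                    .AddParameter("includePerms", true)
                    .AddParameter("token_type", "eg1"));

            return JsonConvert.DeserializeObject<dynamic>(oauthRes.Content)["access_token"];
        }
    }
}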

iXyles commented Dec 10, 2020

Sorry, I am not fully sure that I understand your use-case of what you are trying to do. This is an old gist of how you did it earlier in an easy way. I am not planning to create a gist/version of what you are trying to do above.


kkm commented Dec 4, 2022

@hamed-estsoft @iXyles

var credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(CLIENT_ID:CLIENT_SECRET));

The CLIENT_ID and CLIENT_SECRET are both stored in the binary,
but luckily I can decode Base64, and this is what it looks like:
Authorization Header is present: basic MzQ0NmNkNzI2OTRjNGE0NDg1ZDgxYjc3YWRiYjIxNDE6OTIwOWQ0YTVlMjVhNDU3ZmI5YjA3NDg5ZDMxM2I0MWE= code is above..
Decoded Username:Password= 3446cd72694c4a4485d81b77adbb2141:9209d4a5e25a457fb9b07489d313b41a

so ez..
