Epic Games uses OAuth2 for authentication.
- In order to authenticate you first need to decide for which client you want to authenticate for. A list of clients can be found here or on https://egs.jaren.wtf, which also allows to search by permission.
- Now you need to build the basic auth header. So you will need to base64 encode the following formatted string
{clientId}:{clientSecret}
(replace the variables).
So for thefortnitePCGameClient
client this would beZWM2ODRiOGM2ODdmNDc5ZmFkZWEzY2IyYWQ4M2Y1YzY6ZTFmMzFjMjExZjI4NDEzMTg2MjYyZDM3YTEzZmM4NGQ=
. - Then you need to decide, if you want to authenticate as the client, or as a account. You should remember that many apis require account authentication and possibly also require an eg1 (JWT) access token, which can be gotten with including the
token_type
parameter with theeg1
value in the token request.
When you want to authenticate as a client, you will need to use the client_credentials
Grant Type.
So this would be an example http request for the fortnitePCGameClient
client.
POST /account/api/oauth/token HTTP/1.1
Host: account-public-service-prod.ol.epicgames.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic ZWM2ODRiOGM2ODdmNDc5ZmFkZWEzY2IyYWQ4M2Y1YzY6ZTFmMzFjMjExZjI4NDEzMTg2MjYyZDM3YTEzZmM4NGQ=
grant_type=client_credentials
Which will respond with the authentication session.
{
"access_token": "266e2719635f4a899e94bd19c4422a90",
"expires_in": 14400,
"expires_at": "2023-11-12T13:29:34.070Z",
"token_type": "bearer",
"client_id": "ec684b8c687f479fadea3cb2ad83f5c6",
"internal_client": true,
"client_service": "prod-fn",
"product_id": "prod-fn",
"application_id": "fghi4567FNFBKFz3E4TROb0bmPS8h1GW"
}
When you decide to authenticate as a account, you need to choose the way to authenticate (e.g. external auth like playstation, authorization code, etc.)
Using the authorization code is usually the easiest:
- Login to epicgames.com
- Check out the authorization code creation web api docs how to create such a code
- Send the request to exchange the code for a authentication session
POST /account/api/oauth/token HTTP/1.1
Host: account-public-service-prod.ol.epicgames.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic ZWM2ODRiOGM2ODdmNDc5ZmFkZWEzY2IyYWQ4M2Y1YzY6ZTFmMzFjMjExZjI4NDEzMTg2MjYyZDM3YTEzZmM4NGQ=
grant_type=authorization_code&code=REPLACE_THIS
Which will respond with
{
"access_token": "7c0aa5ad4721454a81a0f48683715978",
"expires_in": 7200,
"expires_at": "2023-11-12T13:06:47.813Z",
"token_type": "bearer",
"refresh_token": "a2f033647d414de2bbe04b1c12b5b5ee",
"refresh_expires": 28800,
"refresh_expires_at": "2023-11-12T19:06:47.814Z",
"account_id": "94b1569506b04f9f8557af611e8c5e47",
"client_id": "ec684b8c687f479fadea3cb2ad83f5c6",
"internal_client": true,
"client_service": "prod-fn",
"scope": ["basic_profile"],
"displayName": "lele stw moment",
"app": "prod-fn",
"in_app_id": "94b1569506b04f9f8557af611e8c5e47",
"device_id": "63e3b71af76e4fc48841b92c5eb3d69d",
"product_id": "prod-fn",
"application_id": "fghi4567FNFBKFz3E4TROb0bmPS8h1GW"
}