This form of authentication is primarily used by mobile devices on games such as Fortnite and Battle Breakers.
Unlike exchange codes, a device auth is a set of three values that are needed to generate an access token, those being:
- Account ID
- Device ID
- Secret
- Device auth only expires in result of a user action (e.g. changing password) and not naturally
- Most clients support this grant type
- Can only generate access tokens for the client that the device auth was issued to
- To generate a device auth, you must already be authenticated
-
Make sure you have an access token that is valid. If not, I suggest getting one through an authorization code and using the
fortniteIOSGameClientclient -
Send a
POSTrequest to https://account-public-service-prod.ol.epicgames.com/account/api/public/account/:accountId/deviceAuth (replacing:accountIdwith your own):
Required headers:Authorization: Bearer (your access token)
Make sure to save the response somewhere!
-
Send a
POSTrequest to https://account-public-service-prod.ol.epicgames.com/account/api/oauth/token:
Required headers:Content-Type: application/x-www-form-urlencodedAuthorization: basicclientId:secret(encoded in Base64, must be the same client that was used to generate device auth)
Body:
grant_type: device_authaccount_id: (account id from before)device_id: (device id from before)secret: (secret from before)
If done successfully, you should now have a set of device auth credentials that can be used to authenticate at any time as well as an access token that can be used to access the rest of Epic's services!