The following snippet shows a sample request using password grant type:Ĭontent-Type: application/x-www-form-urlencoded These parameters should be in the request body. The OAuth Client Secret for your application. The OAuth Client ID for your application.
#Epic games authenticator app code
The authorization code received from the authorization server.įor the client_credentials grant type (see Web Authorization ) The exchange code passed by Launcher to the game client only used with the exchange_code grant type. The password for the account only used with the password grant type. The username (email address) for the account only used with the password grant type. For example: basic profile, friends_list, and presence Space-delimited list of scopes (permissions) that will be requested from the user. Note: You must use this unique identifier to use the Ecommerce APIs, and to request access tokens used by game clients. For more information on deployments and deployment IDs see Product, Sandbox, and Deployment IDs. If the deployment is not public, only users who have been entitled will be able to log in. This will impact interactions with other services that require a deployment. The deployment ID that the client is trying to authenticate with. The grant type being used: exchange_code, password, refresh_token, or client_credentials. This endpoint supports the following post parameters: The client credentials will be passed in the Authorization header using Basic authorization. This endpoint implements RFC 7009 - OAuth 2.0 Token Revocation. If you want to indicate that an access token is no longer needed, use. To request an access token, the client must make an HTTP request to the Epic token endpoint, passing the client credentials (Client ID and Secret) and user credentials. Once the client has the necessary information to request a token (including the exchange code, authorization code, and user credentials), it begins by requesting an access token. We only support OAuth 2.0 for authentication, with additional custom grant types. The web server will include the access token on all requests to Epic services.Īs the first step in the authentication flow, the user must authenticate with Epic Account Services. The response will include an access token, as well as information about the client and account that were authenticated. Once authorized, the user agent will redirect back to your web application with an authorization code included as a query parameter.Īfter the redirect, the web server will make a request to the Epic token endpoint using the client credentials and authorization code. The user will be asked to log in using their Epic Games account, and may be asked to authorize your application. Web Server Applicationsįor server-side applications, the flow will begin by taking the user through the Epic authorization flow on a web browser so that it can obtain an authorization code. This typically occurs within 2 hours after the access token is issued.ĭiagram illustrating Epic Games Launcher authentication flow. The game client will need to use the refresh token if the access token expires. When applicable, a refresh token will also be included in the token response. The access token can also be passed to trusted game servers for verification, or for use in service-to-service requests.
The game client will include the access token on all requests to Epic services. The response will include an access token, information about the client and account that were authenticated, and an optional refresh token. When the game client is launched, it will make a request to the Epic token endpoint that includes the client credentials and exchange code. This exchange code is generated by the Epic Launcher and passed to the game client as a command-line argument. Scenarios Game Client on the Epic Games StoreĪ game client launched from the Epic Games Store will authenticate with Epic's authorization server using a one-time use exchange code. See our guide on Getting Started with Epic Account Services for more details. These will be in the form of a Client ID and Client Secret, and will be used when requesting an access token from the Epic authorization server. Epic has also introduced custom grant types for some specific use cases.īefore starting, you will need to obtain OAuth 2.0 client credentials from Epic. Epic Games Services uses the OAuth 2.0 protocol for authentication and authorization, supporting common-use cases for web servers and client-side applications.
0 kommentar(er)
