- isLoggedIn(): Wait for egs-navigation element, add timeout
- attemptBrowserLogin(): Multiple login status checks after navigation
- Manual login wait loop: Confirm stable login state before proceeding
- Add delays to let page stabilize before checking login status
- Better logging for debugging login flow
Fixes issue where login succeeded but was reported as failed due to timing
- epic-claimer-new.js: Complete rewrite with practical approach
- FlareSolverr integration for Cloudflare solving
- Cookie persistence (saved to epic-cookies.json)
- Auto-load cookies on startup (no login needed if valid)
- Manual login fallback via noVNC if needed
- Proper 2FA/OTP support
- Better error handling and logging
- SETUP.md: Complete setup guide
- Docker Compose examples
- Environment variable reference
- Troubleshooting section
- 2FA setup instructions
- Volume backup/restore
- README.md: Add reference to SETUP.md
- OAUTH_DEVICE_FLOW_ISSUE.md: Document why OAuth Device Flow doesn't work
- Epic Games doesn't provide public device auth credentials
- Client credentials flow requires registered app
- Hybrid approach is the practical solution
How it works:
1. First run: Login via browser (FlareSolverr helps with Cloudflare)
2. Cookies saved to epic-cookies.json
3. Subsequent runs: Load cookies, no login needed
4. If cookies expire: Auto-fallback to login flow
5. Manual login via noVNC if automation fails
This is the approach used by all successful Epic Games claimer projects.
- epic-claimer-new.js: Try Device Flow first, fall back to email/password
- Fixes: invalid_client_credentials error when device auth not configured
- Users with EG_EMAIL/EG_PASSWORD can now use browser login as fallback
- Device Flow remains available for users with valid credentials
Behavior:
1. Try OAuth Device Flow (bypasses Cloudflare)
2. On failure (invalid credentials), use browser login
3. Browser login uses EG_EMAIL/EG_PASSWORD/EG_OTPKEY
4. Manual login via noVNC if both methods fail
- src/device-login.js: New module implementing Epic Games OAuth Device Flow
- src/logger.js: Simple logger module for consistent logging
- src/config.js: Add deviceAuthClientId and deviceAuthSecret config
- epic-claimer-new.js: Use OAuth Device Flow instead of browser login
- Cloudflare bypass: Device Flow uses API, user logs in own browser
- Based on: https://github.com/claabs/epicgames-freegames-node
How it works:
1. Get client credentials from Epic OAuth API
2. Get device authorization code with verification URL
3. Send user notification with login link
4. User clicks link and logs in (handles Cloudflare manually)
5. Poll for authorization completion
6. Save and use access/refresh tokens
7. Tokens auto-refresh on expiry
Benefits:
- No Cloudflare issues (no bot detection)
- Persistent tokens (no repeated logins)
- Works in headless mode
- More reliable than browser automation
- Configure flaresolverr and free-games-claimer to use a shared bridge network
- Explicitly set container name for flaresolverr and declare network dependency
- Define custom bridge network `fgc-network` for isolating service communication
This ensures services can reliably communicate over Docker's internal DNS while maintaining network separation from other containers.
- Add Cloudflare bypass functionality using FlareSolverr service
- Configure FlareSolverr Docker service with environment options
- Add flaresolverr_url config option with default localhost fallback
- Replace manual Cloudflare challenge notification with automated solving attempt
- Create new cloudflare.js module with health check, challenge detection, and solution application
-removed axios dependency and replaced server-side API calls with in-page fetch() execution
-migrated from OAuth device flow to browser-based authentication using persistent context
-simplified claim flow by removing manual token exchange and cookie management
The OAuth device flow has been refactored to use the client credentials grant flow as the first step, followed by a proper device authorization request using the obtained client credentials token. This change modernizes the authentication flow to align with current Epic Games OAuth requirements and replaces the previous direct device authorization approach that used client_id and client_secret in the request body with the standardized authorization header pattern.
The changes replace old API endpoints with current Epic Games' Public Account Service URLs and update the client ID across all OAuth requests (device authorization, token exchange, and refresh). This resolves authentication failures caused by deprecated endpoints and credentials.
Replace legacy OAuth token endpoint with new Epic Games API endpoint,
and add required Content-Type header for device authorization request
to comply with updated API expectations.
- imports device auth utility functions
- adds logic to reuse Epic Games device authentication from legacy mode
- loads device auth cookies (EPIC_SSO_RM, EPIC_DEVICE, EPIC_SESSION_AP) when available
- falls back to regular authentication if device auth is not present
This enables seamless transition for users migrating from legacy authentication while maintaining backward compatibility.
The default value for `eg_mode` has been changed from 'new' back to 'legacy'. This reverts the previous commit (726b9bc) that changed the default, likely due to issues or instability with the new API-driven flow.
- standardize string literals to single quotes in constants.js
- remove unused variable and normalize whitespace in cookie.js
- simplify nullish coalescing expression in device-auths.js
This consistency improvement enhances code readability and enforces uniform style across the codebase.
Replace separate `docker buildx install` step with installing `docker-buildx` package directly via apk, streamlining the Docker Buildx setup in the CI workflow.
