- isLoggedIn(): Wait for egs-navigation element, add timeout
- attemptBrowserLogin(): Multiple login status checks after navigation
- Manual login wait loop: Confirm stable login state before proceeding
- Add delays to let page stabilize before checking login status
- Better logging for debugging login flow
Fixes issue where login succeeded but was reported as failed due to timing
- epic-claimer-new.js: Complete rewrite with practical approach
- FlareSolverr integration for Cloudflare solving
- Cookie persistence (saved to epic-cookies.json)
- Auto-load cookies on startup (no login needed if valid)
- Manual login fallback via noVNC if needed
- Proper 2FA/OTP support
- Better error handling and logging
- SETUP.md: Complete setup guide
- Docker Compose examples
- Environment variable reference
- Troubleshooting section
- 2FA setup instructions
- Volume backup/restore
- README.md: Add reference to SETUP.md
- OAUTH_DEVICE_FLOW_ISSUE.md: Document why OAuth Device Flow doesn't work
- Epic Games doesn't provide public device auth credentials
- Client credentials flow requires registered app
- Hybrid approach is the practical solution
How it works:
1. First run: Login via browser (FlareSolverr helps with Cloudflare)
2. Cookies saved to epic-cookies.json
3. Subsequent runs: Load cookies, no login needed
4. If cookies expire: Auto-fallback to login flow
5. Manual login via noVNC if automation fails
This is the approach used by all successful Epic Games claimer projects.
- epic-claimer-new.js: Try Device Flow first, fall back to email/password
- Fixes: invalid_client_credentials error when device auth not configured
- Users with EG_EMAIL/EG_PASSWORD can now use browser login as fallback
- Device Flow remains available for users with valid credentials
Behavior:
1. Try OAuth Device Flow (bypasses Cloudflare)
2. On failure (invalid credentials), use browser login
3. Browser login uses EG_EMAIL/EG_PASSWORD/EG_OTPKEY
4. Manual login via noVNC if both methods fail
- src/device-login.js: New module implementing Epic Games OAuth Device Flow
- src/logger.js: Simple logger module for consistent logging
- src/config.js: Add deviceAuthClientId and deviceAuthSecret config
- epic-claimer-new.js: Use OAuth Device Flow instead of browser login
- Cloudflare bypass: Device Flow uses API, user logs in own browser
- Based on: https://github.com/claabs/epicgames-freegames-node
How it works:
1. Get client credentials from Epic OAuth API
2. Get device authorization code with verification URL
3. Send user notification with login link
4. User clicks link and logs in (handles Cloudflare manually)
5. Poll for authorization completion
6. Save and use access/refresh tokens
7. Tokens auto-refresh on expiry
Benefits:
- No Cloudflare issues (no bot detection)
- Persistent tokens (no repeated logins)
- Works in headless mode
- More reliable than browser automation
- Add Cloudflare bypass functionality using FlareSolverr service
- Configure FlareSolverr Docker service with environment options
- Add flaresolverr_url config option with default localhost fallback
- Replace manual Cloudflare challenge notification with automated solving attempt
- Create new cloudflare.js module with health check, challenge detection, and solution application
-removed axios dependency and replaced server-side API calls with in-page fetch() execution
-migrated from OAuth device flow to browser-based authentication using persistent context
-simplified claim flow by removing manual token exchange and cookie management
The OAuth device flow has been refactored to use the client credentials grant flow as the first step, followed by a proper device authorization request using the obtained client credentials token. This change modernizes the authentication flow to align with current Epic Games OAuth requirements and replaces the previous direct device authorization approach that used client_id and client_secret in the request body with the standardized authorization header pattern.
The changes replace old API endpoints with current Epic Games' Public Account Service URLs and update the client ID across all OAuth requests (device authorization, token exchange, and refresh). This resolves authentication failures caused by deprecated endpoints and credentials.
Replace legacy OAuth token endpoint with new Epic Games API endpoint,
and add required Content-Type header for device authorization request
to comply with updated API expectations.
- imports device auth utility functions
- adds logic to reuse Epic Games device authentication from legacy mode
- loads device auth cookies (EPIC_SSO_RM, EPIC_DEVICE, EPIC_SESSION_AP) when available
- falls back to regular authentication if device auth is not present
This enables seamless transition for users migrating from legacy authentication while maintaining backward compatibility.
- add OAuth device flow for secure authentication
- implement automatic and manual login handling
- enhance game claiming process with error handling and notifications
♻️ refactor(epic-claimer): remove unused code and improve structure
- remove unused resolve function
- restructure authentication and login logic for clarity
📝 docs(epic-claimer): update comments for better code understanding
- clarify function purposes and steps in comments
- add detailed explanations for new authentication flow
- remove unused functions and comments for clarity
- streamline login logic and error handling
- prepare for future enhancements with modular function placeholders
- implement extensive testing for new epic games claiming functionality
- ensure robust coverage of API interactions, OAuth flows, and game claiming logic
✨ feat(epic-claimer-new): introduce new epic games claiming logic
- add new logic for claiming free games via API with OAuth device flow
- implement automatic cookie reuse and manual login fallback
- enhance error handling and logging for improved debugging
♻️ refactor(epic-claimer-new): optimize code structure and modularity
- refactor functions for better code organization and readability
- modularize authentication and game claiming processes for reusability
🔧 chore(eslintrc): update eslint configuration
- add stylistic plugins and rules for better code consistency
- configure globals and parser options for modern JavaScript compatibility
- import axios, playwright-firefox, otplib, and node modules for enhanced functionality
- add utility imports from local modules for better code organization
- define URL_CLAIM, COOKIES_PATH, and BEARER_TOKEN_NAME constants for clearer code structure
