- epic-claimer-new.js: Try Device Flow first, fall back to email/password
- Fixes: invalid_client_credentials error when device auth not configured
- Users with EG_EMAIL/EG_PASSWORD can now use browser login as fallback
- Device Flow remains available for users with valid credentials
Behavior:
1. Try OAuth Device Flow (bypasses Cloudflare)
2. On failure (invalid credentials), use browser login
3. Browser login uses EG_EMAIL/EG_PASSWORD/EG_OTPKEY
4. Manual login via noVNC if both methods fail
- src/device-login.js: New module implementing Epic Games OAuth Device Flow
- src/logger.js: Simple logger module for consistent logging
- src/config.js: Add deviceAuthClientId and deviceAuthSecret config
- epic-claimer-new.js: Use OAuth Device Flow instead of browser login
- Cloudflare bypass: Device Flow uses API, user logs in own browser
- Based on: https://github.com/claabs/epicgames-freegames-node
How it works:
1. Get client credentials from Epic OAuth API
2. Get device authorization code with verification URL
3. Send user notification with login link
4. User clicks link and logs in (handles Cloudflare manually)
5. Poll for authorization completion
6. Save and use access/refresh tokens
7. Tokens auto-refresh on expiry
Benefits:
- No Cloudflare issues (no bot detection)
- Persistent tokens (no repeated logins)
- Works in headless mode
- More reliable than browser automation
- Add Cloudflare bypass functionality using FlareSolverr service
- Configure FlareSolverr Docker service with environment options
- Add flaresolverr_url config option with default localhost fallback
- Replace manual Cloudflare challenge notification with automated solving attempt
- Create new cloudflare.js module with health check, challenge detection, and solution application
-removed axios dependency and replaced server-side API calls with in-page fetch() execution
-migrated from OAuth device flow to browser-based authentication using persistent context
-simplified claim flow by removing manual token exchange and cookie management
The OAuth device flow has been refactored to use the client credentials grant flow as the first step, followed by a proper device authorization request using the obtained client credentials token. This change modernizes the authentication flow to align with current Epic Games OAuth requirements and replaces the previous direct device authorization approach that used client_id and client_secret in the request body with the standardized authorization header pattern.
The changes replace old API endpoints with current Epic Games' Public Account Service URLs and update the client ID across all OAuth requests (device authorization, token exchange, and refresh). This resolves authentication failures caused by deprecated endpoints and credentials.
Replace legacy OAuth token endpoint with new Epic Games API endpoint,
and add required Content-Type header for device authorization request
to comply with updated API expectations.
- imports device auth utility functions
- adds logic to reuse Epic Games device authentication from legacy mode
- loads device auth cookies (EPIC_SSO_RM, EPIC_DEVICE, EPIC_SESSION_AP) when available
- falls back to regular authentication if device auth is not present
This enables seamless transition for users migrating from legacy authentication while maintaining backward compatibility.
- add OAuth device flow for secure authentication
- implement automatic and manual login handling
- enhance game claiming process with error handling and notifications
♻️ refactor(epic-claimer): remove unused code and improve structure
- remove unused resolve function
- restructure authentication and login logic for clarity
📝 docs(epic-claimer): update comments for better code understanding
- clarify function purposes and steps in comments
- add detailed explanations for new authentication flow
- remove unused functions and comments for clarity
- streamline login logic and error handling
- prepare for future enhancements with modular function placeholders
- implement extensive testing for new epic games claiming functionality
- ensure robust coverage of API interactions, OAuth flows, and game claiming logic
✨ feat(epic-claimer-new): introduce new epic games claiming logic
- add new logic for claiming free games via API with OAuth device flow
- implement automatic cookie reuse and manual login fallback
- enhance error handling and logging for improved debugging
♻️ refactor(epic-claimer-new): optimize code structure and modularity
- refactor functions for better code organization and readability
- modularize authentication and game claiming processes for reusability
🔧 chore(eslintrc): update eslint configuration
- add stylistic plugins and rules for better code consistency
- configure globals and parser options for modern JavaScript compatibility
- import axios, playwright-firefox, otplib, and node modules for enhanced functionality
- add utility imports from local modules for better code organization
- define URL_CLAIM, COOKIES_PATH, and BEARER_TOKEN_NAME constants for clearer code structure
