Hello,
We currently authenticate users via Epic Games using the Exchange Code flow and successfully obtain a valid Epic access token in-game. In one of our use cases, we need to link the user’s Epic account to an external platform using an endpoint like /api/epic-games/login.
First time to complete the linking process, we open an in-game browser (WebBrowser plugin) where the user can authenticate with the external platform and Epic. However, we’d like to avoid requiring the user to re-authenticate with Epic through the browser, since they’ve already gone through OAuth in-game and we already have a valid access token.
Is there any supported way to perform a silent login or session authentication using the access token obtained from the Exchange Code flow—so that the Epic login screen can be skipped in the browser during the linking and user will login only for external platform?
Best regards,
Harut
Hey there!
Following up with my previous message just want to check in if there is any way to perform a silent login or session authentication using the access token obtained from the Exchange Code flow—so that the Epic login screen can be skipped in the browser during the linking and user will login only for external platform?
Thanks. Looking forward to hearing from you soon!
Harut
Hey,
Sorry for the delay; our offices were closed for 2 weeks. Once the player has logged in - the EOS_Auth_Login callback has fired - your game can retrieve their Epic Account Services token using EOS_Auth_CopyIdToken and pass it to your backend service. Your backend service can verify the token using the SDK’s EOS_Auth_VerifyIdToken, using the Web API, or using the approach described here.
Thanks,
Seb
Hello!
We’re able to verify with our own backend using the tokens, but what we’re looking to do is allowing the user to skip the Epic Login during the OAuth flow since the user is already logged into the launcher.
So we have these 2 flows:
User with an account:
Game launches
Game receives EOS launcher code, exchanges for access token
Sends access token to our service
Service verifies token and logs the user into our service
Log the user into our service and return tokens to the game
User without an account:
Games launches
Game receives EOS launcher code, exchanges for access token
Sends access token to our service
Service returns “No user found”
User clicks “Register”
Service starts the OAuth flow with scopes to Epic
User has to log in to Epic Games and accept the connection
Callback to our service, we verify the tokens
Log the user into our service and return tokens to the game
The part we’re looking to skip is this part
“User has to log in to Epic Games and accept the connection”
Since the user is already logged into the launcher, we’d like to be able to skip straight to the user accepting the connection to our app. Would it be possible to do this from within the engine?
Hi Ricky,
The approach is what I described in my previous post. If you are using an EOS plugin, you will likely need to modify it. Here’s the SDK calls side-by-side with the flow you described:
Games launches
Game receives EOS launcher code, exchanges for access token → EOS_Auth_Login with ExchangeCode (scope request for Epic happens here)
Sends access token to our service → Copy the EAS token using EOS_Auth_CopyIdToken (or EOS_Auth_CopyUserAuthToken)
Service returns “No user found”
User clicks “Register”
Service starts the OAuth flow with scopes to Epic → EOS_Auth_Login with RefreshToken (the user will not be prompted)
User has to log in to Epic Games and accept the connection
Callback to our service, we verify the tokens
Log the user into our service and return tokens to the game
Thanks,
Seb
Ah, very interesting, we’ll give this a shot!
Thank you for the insight here!