← Test Tools  ·  Epic Online Services

idle

Configuration

← change project in the test-tools landing page · values are shared via localStorage.
Add this exact URL to Trusted Redirect URLs in dev.epicgames.com → Product Settings → Clients (for the same Client ID that's saved in the admin panel). The tool sends it as redirect_origin in :start, overriding the project's default callback for this flow.
Generates code_verifier in this tab and forwards it through :start (challenge) and :callback (verifier). EOS supports PKCE on confidential clients — leave on unless explicitly probing the no-PKCE path.

Flow

  1. 1
    Configuration ready
    API base + public key are set.
  2. 2
    POST /oauth/epic:start
    Backend signs a state token and returns Epic's authorize URL (built from the saved client_id + deployment_id). With PKCE on, this tab sends code_challenge here and keeps the verifier in sessionStorage.
  3. 3
    Epic consent
    User signs in with their Epic account; browser is redirected back here with code + state.
  4. 4
    POST /oauth/epic:callback
    Backend exchanges code → EOS tokens (with code_verifier if PKCE was used), verifies audience against the saved client_id, resolves the player.
  5. 5
    Player session issued
    Returns player_id, session_token, expires_at, is_new.

Network trace

Each request/response will be logged here as the flow runs.