Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/xmistt/rebootpy/llms.txt

Use this file to discover all available pages before exploring further.

Authenticates using a launcher refresh token. This authentication method is useful when you have a valid refresh token from a previous authentication session.

Class Signature

class RefreshTokenAuth(Auth):
    def __init__(self, refresh_token: str, **kwargs: Any) -> None

Parameters

refresh_token
str
required
A valid launcher refresh token.
ios_token
str
The main Fortnite token to use with authentication. You should generally not need to set this manually.

Properties

authorization
str
The Authorization header for use with Fortnite endpoints. Use this if you’re making HTTP requests that aren’t already implemented.
identifier
str
Returns the refresh token.

Methods

eula_check_needed

def eula_check_needed() -> bool
Returns whether EULA check is needed. Returns: False (refresh token auth doesn’t require EULA check)

ios_authenticate

async def ios_authenticate(priority: int = 0) -> dict
Performs iOS authentication using the refresh token.
priority
int
default:"0"
The request priority.
Returns: Authentication data dictionary

authenticate

async def authenticate(priority: int = 0) -> None
Authenticates the client and sets up all required tokens.
priority
int
default:"0"
The request priority.
Side effects:
  • Updates iOS token data
  • Kills other sessions (if client.kill_other_sessions is True)
  • Obtains and updates chat, EAS, and EOS tokens
  • Sets up the client user

Example Usage

Basic usage

import rebootpy

client = rebootpy.Client(
    auth=rebootpy.RefreshTokenAuth(
        refresh_token='your-refresh-token-here'
    )
)

await client.start()

Loading from environment variables

import rebootpy
import os

client = rebootpy.Client(
    auth=rebootpy.RefreshTokenAuth(
        refresh_token=os.getenv('REFRESH_TOKEN')
    )
)

await client.start()

Loading from a file

import rebootpy

with open('refresh_token.txt', 'r') as f:
    refresh_token = f.read().strip()

client = rebootpy.Client(
    auth=rebootpy.RefreshTokenAuth(
        refresh_token=refresh_token
    )
)

await client.start()

How to Obtain a Refresh Token

Refresh tokens are automatically obtained when you authenticate with other methods. You can access the refresh token after successful authentication: 
import rebootpy

client = rebootpy.Client(
    auth=rebootpy.AuthorizationCodeAuth(
        code='your-authorization-code'
    )
)

@client.event
async def event_ready():
    # Access the refresh token
    print(f'Refresh Token: {client.auth.ios_refresh_token}')
    
    # Save it for future use
    with open('refresh_token.txt', 'w') as f:
        f.write(client.auth.ios_refresh_token)

await client.start()

Token Expiration

Refresh tokens typically expire after a certain period (usually 2 hours by default). The library automatically handles token refreshing during normal operation. However, if the refresh token expires, you’ll need to re-authenticate using another method.

When to Use RefreshTokenAuth

Use RefreshTokenAuth when:
  • You have a valid refresh token from a previous session
  • You want to avoid re-authenticating with user interaction
  • You’re implementing a session restoration feature
Don’t use RefreshTokenAuth for:
  • Initial authentication (use DeviceCodeAuth, AuthorizationCodeAuth, or AdvancedAuth instead)
  • Long-term credentials storage (use DeviceAuth instead)

Comparison with Other Auth Methods

MethodUse CasePersistence
RefreshTokenAuthShort-term session restoration2 hours (typical)
DeviceAuthLong-term automated authenticationUntil password reset
AuthorizationCodeAuthInitial user authenticationSingle use
DeviceCodeAuthUser-friendly interactive loginSingle use

Error Handling

If the refresh token is invalid or expired, the authentication will fail. The library will raise an HTTPException with message code: 
errors.com.epicgames.account.auth_token.invalid_refresh_token
In this case, you need to re-authenticate using another method: 
import rebootpy
from rebootpy.errors import HTTPException

try:
    client = rebootpy.Client(
        auth=rebootpy.RefreshTokenAuth(
            refresh_token=stored_refresh_token
        )
    )
    await client.start()
except HTTPException as e:
    if e.message_code == 'errors.com.epicgames.account.auth_token.invalid_refresh_token':
        print('Refresh token expired. Please re-authenticate.')
        # Fall back to another auth method
        client = rebootpy.Client(
            auth=rebootpy.DeviceCodeAuth()
        )
        await client.start()

Security Considerations

Refresh tokens are sensitive credentials. Treat them securely:
  • Store them encrypted or in secure storage
  • Don’t commit them to version control
  • Don’t share them publicly
  • Invalidate them when no longer needed

Best practices:

  1. Use environment variables in production
  2. Encrypt tokens when storing in files
  3. Rotate tokens regularly
  4. Use DeviceAuth for long-term storage instead

Invalidating a Refresh Token

To manually invalidate a refresh token: 
await client.auth.kill_token(client.auth.ios_refresh_token)
To invalidate all other sessions: 
await client.auth.kill_other_sessions()

Source

View source: rebootpy/auth.py:781

Build docs developers (and LLMs) love

Get started for freeTalk to us