Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Here is my guide on how to attach an authenticator to a Battle.net account #42

Open
maaaaaaaaaaaaaaaaaaaaaaaa opened this issue Sep 25, 2024 · 3 comments
Open

Here is my guide on how to attach an authenticator to a Battle.net account #42

maaaaaaaaaaaaaaaaaaaaaaaa opened this issue Sep 25, 2024 · 3 comments

Comments

@maaaaaaaaaaaaaaaaaaaaaaaa
Copy link

Reposting my comment (see #38) as a new issue.

Hello everyone. Thanks to @BillyCurtis and @Gigafrost, I made it too! I have wrapped up both their methods, tested, and rewrote them for people who still are facing issues. Here is my guide on how to attach an authenticator to a Battle.net account.

Before Starting...

  1. This guide is only made for attaching a new authenticator.
  2. I have only tested this on a Windows machine.
  3. Everything here is based on my own results, and may differ for you.

Perquisites

  1. Have a phone number linked to your Battle.net account.
  2. Check if you have an attached authenticator to your Battle.net account and go ahead detaching it by going to account.battle.net > Security > Battle.net Authenticator - click "Detach" > and confirm by clicking "Detach" again. If you do not have an attached authenticator, skip this and go to Step 1.

Step 1. Retrieve SSO Token

  • Go to account.battle.net/login/en/?ref=localhost. Log in, and ignore the "404" error. From the URL bar, look for the "ST=" entry and copy the SSO token following it.
    • This is how the SSO Token should look like: EU-u33pyxqgx5l73zu936oujss6mabeyhry-1177987422 or US-u33pyxqgx5l73zu936oujss6mabeyhry-1177987422
    • The token starts with either "EU" or "US" depending from which country you logged in from.
    • If you received an error with the SSO Token in steps to follow, use a VPN to change the beginning format of the token. For example, if you received an error with an SSO Token that starts with "EU", then use a VPN to route your connection to the United States (make sure that you are at us.account.battle.net/login/en/?ref=localhost (or eu.account.battle.net/login/en/?ref=localhost if you are routing your connection from the United States to an EU country)) and retry Step 1 to retrieve an SSO Token that starts with "US" (or "EU"). This will not affect your Battle.net account region/payments/pricings or any similar settings and is intended for the authenticator only.

Step 2. Get Bearer Token

  • Replace <SSO_TOKEN> with the SSO Token you retrieved from Step 1 in the following command and execute it to obtain the Bearer Token.
  • Open CMD.
    • Run: 
       curl -X "POST" "https://oauth.battle.net/oauth/sso" -H "content-type: application/x-www-form-urlencoded; charset=utf-8" -d "client_id=baedda12fe054e4abdfc3ad7bdea970a&grant_type=client_sso&scope=auth.authenticator&token=<SSO_TOKEN>"
      • Response that you should be getting:
        {"access_token":"XXX","token_type":"bearer","expires_in":0,"scope":"auth.authenticator","sub":"XXX"}
  • Save the response somewhere safe, keep CMD open, and go ahead to Step 3.

Step 3. Attach a New Authenticator

  • Replace <BREARER_TOKEN> with the Bearer Token you retrieved from Step 2 in the following command and execute it to attach an authenticator to your Battle.net account and obtain Device Secret.
    • Run: 
       curl -X "POST" "https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator" -H "accept: application/json" -H "Authorization: Bearer <BEARER_TOKEN>"
      • Response that you should be getting:
        {"serial":"XXX","restoreCode":"XXX","deviceSecret":"XXX","timeMs":0,"requireHealup":false}
  • Now you have successfully attached an authenticator to your Battle.net account.
  • Save the response somewhere safe too and read Additional Notes below.

Additional Notes

  • Save both responses from Step 2 and Step 3 somewhere safe. Do NOT save it in your password manager as it may cause a security risk. Treat them like backup/recovery credentials. Feel free to save SSO Token too.
  • You can close CMD now.

Step 4. Setup the Attached Authenticator to a TOTP URL

  • After you have obtained deviceSecret, convert it from hex to base32 using cryptii.com/pipes/hex-to-base32.
  • Place deviceSecret with the following TOTP URL with the newly obtained Device Secret, and you should have a working TOTP URL.
    • otpauth://totp/Battle.net?secret=deviceSecret&digits=8
  • Lastly, paste the TOTP to an authenticator app or a password manager that supports TOTP.

Credits
@Dobbelklick
Copy link

Worked perfectly. I only had a problem with getting the SSO token because I didn't log out before using the first link.

@Archelius92
Copy link

Step 3 is not giving me a response, it comes back as blank

@maaaaaaaaaaaaaaaaaaaaaaaa
Copy link
Author

@Archelius92 Working fine on my end. Make sure you have a phone number linked to the Battle.net account and that there's no attached authenticator to it and try again

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Dobbelklick @maaaaaaaaaaaaaaaaaaaaaaaa @Archelius92