## Here is another way without having to use the Battle.net App #41

Thank you, I have successfully obtained the device secret following your tutorial.

Open
ningmeng52022 opened this issue Feb 26, 2024 · 4 comments

@ningmeng52022

## Here is another way without having to use the Battle.net App

1. Retrieve SSO Token:

2. Get Bearer Token:

  • Replace <SSO_TOKEN> with the token you got from step 1 and execute the following curl command to obtain the Bearer Token:

    curl -X 'POST' \
    'https://oauth.battle.net/oauth/sso' \
    -H "content-type: application/x-www-form-urlencoded; charset=utf-8" \
    -d "client_id=baedda12fe054e4abdfc3ad7bdea970a&grant_type=client_sso&scope=auth.authenticator&token=<SSO_TOKEN>"
    • Response:
      {"access_token":"XXX","token_type":"bearer","expires_in":0,"scope":"auth.authenticator","sub":"XXX"}
  • Copy the Bearer Token to use in steps 3, 4, or 5.

3. Get Serial & Restore Codes:

  • Use the Bearer Token to fetch the Serial and Restore Codes of an existing authenticator:

    curl -X 'GET' \
    'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator' \
    -H 'accept: application/json' \
    -H "Authorization: Bearer <BEARER_TOKEN>"
    • Response:
      {"Restore Code": "XXX", "Serial Number": "XXX"}

4. Get Existing Authenticator Device Secret:

  • Use the Bearer Token, Serial, and Restore codes to retrieve the Device Secret of an Existing Authenticator:

    curl -X 'POST' \
    'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator/device' \
    -H 'accept: application/json' \
    -H 'Content-Type: application/json' \
    -H "Authorization: Bearer <BEARER_TOKEN>" \
    -d '{
      "restoreCode": "<RESTORE_CODE>",
      "serial": "<SERIAL>"
    }'
    • Response:
      {"serial":"XXX","restoreCode":"XXX","deviceSecret":"XXX","timeMs":0,"requireHealup":false}

5. Create and Add a New Authenticator:

  • Use the Bearer Token to create and add a new authenticator to the user's account:

    curl -X 'POST' \
    'https://authenticator-rest-api.bnet-identity.blizzard.net/v1/authenticator' \
    -H 'accept: application/json' \
    -H "Authorization: Bearer <BEARER_TOKEN>" \
    -d ''
    • Response:
      {"serial":"XXX","restoreCode":"XXX","deviceSecret":"XXX","timeMs":0,"requireHealup":false}

6. Add Authenticator to Password Manager.

  • After you have obtained the deviceSecret, convert it from hex to base32 using `echo "deviceSecret" | xxd -r -p | base32` on Linux/macOS, or cryptii.com if on Windows.

  • Replace deviceSecret in the following URL: otpauth://totp/Battle.net?secret=deviceSecret&digits=8 with the newly obtained base32 device secret, and you should have a working TOTP.

Originally posted by @BillyCurtis in #38 (comment)

@stacksjb

stacksjb commented Mar 1, 2024

I just went through this, migrating to a new TOTP app (Byebye Authy, no thanks for terminating your Desktop app...)

A couple notes to help simplify:

  1. If you already have an authenticator, you will do steps 3 and 4 (NOT 5) - you will request the secrets for your existing Authenticator into your TOTP app.
  2. If you do NOT have an authenticator already attached, you will do step 5 (not 3 and 4), and create a new one.
    NOT both (If you try step 5 and already have an authenticator, you'll get an error that one is already attached - you can't attach a new one).

Also, for the HEX -> Base32 conversion, if you are on macOS, they don't include base32 by default (you can install with brew, "brew install coreutils"). However, I'd just use CyberChef (it's simpler than cryptii, doesn't store data, and works on any platform.)

You can use this link: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')To_Base32('A-Z2-7%3D')
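
Step 6 of the first post and the hex-to-Base32 note in the comment above can both be done locally with the Python standard library. This is an added example, not part of the original thread or the project's code; it assumes the defaults the `otpauth://` URI leaves unspecified (HMAC-SHA1, 30-second period), and the sample secret is the RFC 6238 test key, not a real device secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def hex_to_base32(device_secret_hex):
    """Hex deviceSecret -> Base32, same result as `xxd -r -p | base32`."""
    raw = bytes.fromhex(device_secret_hex.strip())  # ValueError on non-hex input
    return base64.b32encode(raw).decode("ascii")


def otpauth_uri(secret_b32, label="Battle.net", digits=8):
    """Build the step 6 URI; '=' padding is dropped, as the Key URI format recommends."""
    return "otpauth://totp/%s?secret=%s&digits=%d" % (
        quote(label), secret_b32.rstrip("="), digits)


def totp(secret_b32, at=None, digits=8, step=30):
    """RFC 6238 code for the secret. SHA-1 and step=30 are assumed defaults."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key in hex, standing in for deviceSecret.
    sample_hex = "3132333435363738393031323334353637383930"
    secret = hex_to_base32(sample_hex)
    print(otpauth_uri(secret))
    # Compare with the code shown by the password manager to confirm the import.
    print(totp(secret))
```

Comparing the printed code with the one the TOTP app shows for the same 30-second window confirms the secret was converted and imported correctly.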

@sbates

sbates commented Mar 14, 2024

I appreciate this a lot. I used this method to set up Battle.net with 1Password.

@Mazwak

Mazwak commented Apr 30, 2024

Thanks a lot.

Worked perfectly to create a new token.

You could write that you can go to step 5 (skip 3 and 4) if you don’t have one already.

@Foxtrod89

works fine with gauth, just pass it via qr code
