
Custom-Mojang-Auth
This library provides a convenient way to automatically authenticate users on custom servers using their Mojang accounts. The solution works with any Minecraft version and ensures reliable player identification, which helps prevent identity theft and makes bans effectively enforceable. The library is successfully used in the MCSR Ranked project.
How to Use
Client Side
To start working with the library, you need to initialize the authenticator in your mod:
String accessToken;
UUID uuid;
java.net.Proxy proxy;
String messagePrefix; // optional parameter
ClientAuth.initialize(accessToken, uuid, proxy, messagePrefix);
Obtaining accessToken, uuid, and proxy depends on the Minecraft version. The player's UUID can usually be obtained in the following ways:
UUID uuid = net.minecraft.client.MinecraftClient.getInstance().getSession().getProfile().getId(); //for version 1.16.1
or
UUID uuid = net.minecraft.client.MinecraftClient.getInstance().getSession().getUuidOrNull(); //for version 1.20.2
Getting the accessToken is also quite simple:
String accessToken = net.minecraft.client.MinecraftClient.getInstance().getSession().getAccessToken();
Obtaining the proxy can be a bit more complex. In most versions, it is initialized in net.minecraft.client.main.Main.main(String args[]). Trace the Proxy object from there (it is usually passed to the net.minecraft.client.MinecraftClient constructor) and find a way to obtain it through method calls, reflection, mixins, or other approaches.
For version 1.20.2, the proxy can be obtained as follows:
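// getDeclaredField is required here: getField only returns public fields
java.lang.reflect.Field field = net.minecraft.client.MinecraftClient.class.getDeclaredField("authenticationService");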
field.setAccessible(true);
java.net.Proxy proxy = ((com.mojang.authlib.yggdrasil.YggdrasilAuthenticationService)field.get(net.minecraft.client.MinecraftClient.getInstance())).getProxy();
For version 1.16.1, use the following approach:
java.net.Proxy proxy = ((com.mojang.authlib.yggdrasil.YggdrasilMinecraftSessionService)net.minecraft.client.MinecraftClient.getInstance().getSessionService()).getAuthenticationService().getProxy();
Server Side
Install the library:
npm install custom-mojang-auth
Use the following function to verify that data has been signed by the client:
function isValid(uuid, randomLong, data, date, publicKeyString, signatureBytes, payload)
where payload is an array.
Security and Privacy
The client simply signs messages using its private key, and the signed messages can then be sent to the server. No login information or other confidential data ever leaves the client's device.
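
The sketch below is an added example, not code from this library: it uses Node's built-in crypto module to show the general sign-then-verify pattern described above, extended with a freshness window and a replay cache. The function names, the canonical encoding, and the meaning given to uuid, randomLong, date and payload are assumptions (the library's actual format may differ), and the server is assumed to already trust the public key for that UUID.

```javascript
// Added illustration only; not custom-mojang-auth's implementation or wire format.
const nodeCrypto = require("node:crypto");

const MAX_SKEW_MS = 30_000; // assumed freshness window

// Bytes both sides sign: identity, nonce, timestamp and payload are bound together.
function canonical(uuid, randomLong, date, payload) {
  return Buffer.from(JSON.stringify([uuid, String(randomLong), date, payload]), "utf8");
}

// Client: the private key stays local; only the signature and public values are sent.
function signMessage(privateKey, uuid, randomLong, date, payload) {
  return nodeCrypto.sign("sha256", canonical(uuid, randomLong, date, payload), privateKey);
}

// Server: reject stale, replayed or tampered messages. `seen` is a replay cache (Set).
function verifyMessage(seen, publicKeyPem, uuid, randomLong, date, payload, signature, now) {
  if (Math.abs(now - date) > MAX_SKEW_MS) return "stale";
  const nonceKey = `${uuid}:${randomLong}`;
  if (seen.has(nonceKey)) return "replayed";
  const bytes = canonical(uuid, randomLong, date, payload);
  if (!nodeCrypto.verify("sha256", bytes, publicKeyPem, signature)) return "bad-signature";
  seen.add(nonceKey); // remember only nonces that came with a valid signature
  return "ok";
}

// Constructed demo: throwaway RSA key, made-up UUID, nonces and timestamps.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const pem = publicKey.export({ type: "spki", format: "pem" });
  const uuid = "00000000-0000-4000-8000-000000000001";
  const t0 = 1_700_000_000_000;
  const seen = new Set();
  const sigA = signMessage(privateKey, uuid, "1111", t0, ["join", "lobby-1"]);
  const sigB = signMessage(privateKey, uuid, "2222", t0, ["join", "lobby-1"]);
  return {
    fresh: verifyMessage(seen, pem, uuid, "1111", t0, ["join", "lobby-1"], sigA, t0 + 1000),
    replayed: verifyMessage(seen, pem, uuid, "1111", t0, ["join", "lobby-1"], sigA, t0 + 2000),
    tampered: verifyMessage(seen, pem, uuid, "2222", t0, ["join", "lobby-2"], sigB, t0 + 1000),
    stale: verifyMessage(seen, pem, uuid, "2222", t0, ["join", "lobby-1"], sigB, t0 + 60_000),
  };
}

console.log(demo());
```

A signature alone proves possession of a private key, not identity; the server must separately establish that the public key belongs to the claimed UUID.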