samolego
[FeatureReq] Use Mojang authentication with premium users
Is your feature request related to a problem? Please describe. I'm using this on my server as the only alternative for login plugins on a Fabric server. Currently, when premium players (players that have bought the game) join my server, they have to register and use the login system that we have to prevent players using other one's account/username. This can be annoying to premium players since they have another less intrusive authentication system.
Describe the solution you'd like The mod should have a config option to ask premium players if they want to opt-out the login system and instead force anyone with that username to use the premium account, kicking them from the server if they aren't.
Describe alternatives you've considered
- Deal with it and have every player use the login system
- Search other auth mod (AFAIK there isn't any other for Fabric)
- Not using any login system at all
- Change the server to online mode
Additional context Most of the players on my server don't have a premium account, so changing it to online mode would mean many players leaving the server. Other players (like me), do have a premium account.
Hi, thank you for the suggestion! I've already been looking at this stuff, especially because this exists on Spigot. However, I had no luck trying to detect the state of the player (if session is valid or not). I will research on, but cannot promise anything.
This probably requires the server to be Online? I've read about some in Spigot. Spigot uses some magic packet wizardry to achieve its goal. Making Fabric servers online could circumvent some checks maybe.
server needs to be online
Yeah, probably. Could you maybe provide a link to the discussion?
I think asking the Mojang API as said here, without the at parameter, could be a way to check if the player should be premium (if it doesn't return null it's because the player is premium), then mixing in to ServerLoginNetworkHandler#onHello and redirecting MinecraftServer#isOnlineMode (if the player should be premium) to return true. That should make Minecraft handle the verification part and make things easier. I'm not sure if this would work as expected though.
This is now implemented with the latest commit (config->experimental->premiumAutologin). Server needs to set to online mode, and if the player should have a mojang account, server is represented as online. Otherwise server will just accept the player as a "cracked" one.
So how does it work?
As suggested by @ByMartrixx , we get the API response first, because the status of the player's profile cannot be determined from packet itself (uuid is populated afterwards). If player has a mojang account (API returned HTTP_OK), server continues as if it were in online mode (encryption, etc.).
But, if the player is not found, the state for the player's status is set to "ready to be accepted" and GameProfile is populated with offline-type data.
Feature is still marked as experimental, as there might be bugs. Please report them. Thanks for the support and suggestions you've all provided 😉 .
I tried this on a new aternos server and:
You lose everything and your account is that of a new player when switching from non-premium to premium
Couldn't get my bot into non-premium mode
But at least he didn't ask me to login and I had skin c:
You lose everything and your account is that of a new player when switching from non-premium to premium
That is because of how Minecraft handles online and offline uuid's. The online ones are always the same for a Minecraft account and don't depend on the username, while the offline ones are always the same for an username (case sensitive), that's why on an offline server, if you change your premium username and log back to the server you don't keep your data
That is because of how Minecraft handles online and offline uuid's. The online ones are always the same for a Minecraft account and don't depend on the username, while the offline ones are always the same for an username (case sensitive), that's why on an offline server, if you change your premium username and log back to the server you don't keep your data
yes, I know, but I understand that mixed minecraft servers by putting /premium and then confirming this does not happen since everything works with your nickname or with the same uuid, I don't know, but you don't lose anything on the well-configured mixed servers
Again, this is still experimental feature, but the problem that you've described is logical for the reasons that are described above.
How would you like this to be handled then?
- Player joins
- They're logged in if they have a Mojang account + their uuid is kept in offline style
- They can type sth. like
/account migratePremiumwhich changes their uuid to online-style
What would be even beter?
- auto migration of player data -> delete data for offline player after migration?
You lose everything and your account is that of a new player when switching from non-premium to premium
It's actually still saved, you just need to disable the autologin function and switch back to offline
How would you like this to be handled then?
- Player joins
- They're logged in if they have a Mojang account + their uuid is kept in offline style
- They can type sth. like
/account migratePremiumwhich changes their uuid to online-style
I'd like it to be something like:
- Player connects to their premium account but uuid offline
- Put
/account migratePremium - The server disconnects the player
- The player connects
- The server detects if the player has the same user as the one who put the command 5.1 In case it is so and has a different uuid (matching your Mojang API-verified nick) transfers all data from the old uuid.dat to the new uuid.dat, connects it to the server online mode and does not ask you to login 5.2 In case the uuid does not match that of the Mojang API means that it is non-premium, it only sends you a chat error and nothing happens with your account
I don't know if doing something like that is possible.
5.1 In case it is so and has a different uuid (matching your Mojang API-verified nick) transfers all data from the old uuid.dat to the new uuid.dat, connects it to the server online mode and does not ask you to login 5.2 In case the uuid does not match that of the Mojang API means that it is non-premium, it only sends you a chat error and nothing happens with your account
UUID is determined AFTER player joins the game, meaning that there's no way you could detect it before and check whether it's offline or online ...
EDIT: what I want to say is that player can have only 1 option; accept online only OR accept offline only ...
UUID is determined AFTER player joins the game, meaning that there's no way you could detect it before and check whether it's offline or online ...
EDIT: what I want to say is that player can have only 1 option; accept online only OR accept offline only ...
I said something like saving uuid and nick to check the next time someone connects with that nick to check if it's changed
I said something like saving uuid and nick to check the next time someone connects with that nick to check if it's changed
Yeah, that might be doable. But do you think it's better than auto migration? Especially for new players ..?
5.2 In case the uuid does not match that of the Mojang API means that it is non-premium, it only sends you a chat error and nothing happens with your account
I just wanted to clarify that this option is not possible, since player will get disconnected by their client (invalid session)
I said something like saving uuid and nick to check the next time someone connects with that nick to check if it's changed
Yeah, that might be doable. But do you think it's better than auto migration? Especially for new players ..?
For new players it is the best, but what about those who played before this option is in the mod or with the servers that put this mod with that option after they started?
5.2 In case the uuid does not match that of the Mojang API means that it is non-premium, it only sends you a chat error and nothing happens with your account
I just wanted to clarify that this option is not possible, since player will get disconnected by their client (invalid session)
ah, f
For new players it is the best, but what about those who played before this option is in the mod or with the servers that put this mod with that option after they started?
What's the problem with auto-migration for those?
Wouldn't you lose everything you have in your old uuid.dat? it would be like starting from 0
No, I was thinking that when player joins it is checked, whether they have any saved data - if yes, they're new players, no migration needed. Otherwise, import the data from their offline profile.
Old uuid.dat is left untouched, but it's not needed anymore anyways ...
Okay, perfect, but what if the player loses his premium and comes in with the same nick in offline account?
This is the same scenario as if a cracked player joins with the premium username; they will be kicked since account (still) exists, but their session is invalid. It is the way the system is implemented.
If account would be deleted for some reason, or server switches back to offline-mode, player would get inventory that is same as before the migration.
An update to this; I'm currently working on migrating player stats and advancements, but there are still some things which would be harder to migrate, e.g. villager discounts ...
That brought me back to thinking of providing an option to force offline uuids (for all players) even in online mode, which could be used by servers that didn't have the premiumAutologin enabled from start. It's not ideal, but it gives admins the ability to change things up rather than making them hardcoded ...
I think this feature is not working as intended or my other mods or proxy is messing with it, I tried loggin with an offline client with the same name of a premium account on my server and it logged like I was a premium user (not asking for password), if any info is needed just ask, I don't really know what can be helpful but I'm using a velocity proxy with offline mode disable but enabled online on the fabric-proxy mod and on the fabric server and it asked to register using an offline account and it didn't with my premium account, but when I opened a offline client with the same name as my premium account it didn't ask to register o login even when using session at 1 second timeout, don't know if the session has something to do with it, also tried another premium account names using an offline client and the same happened
Please open a new issue, as this seems to be a different problem ... Although I think it might be the velocity ...