Custom Authentication

Now, I don’t know a single thing about Mojang’s feelings towards unofficial authentication, or really the forum’s (even though ik that the forum doesn’t support piracy or anything like that).

What I’m kind of thinking about is basically, in the event of where Mojang’s authentication services are down temporarily or permanently, are there unofficial login servers anywhere? If there are, id assume they don’t do anything with Mojang’s api to verify that people actually OWN minecraft, which is unfortunate.

Just kinda curious if anything exists yet, really.

There is “OfflineMode” that can be found in the settings that outright doesn’t check that the user logging in is authentic. This can be found on the file on any server.

As far as i know. that is the closest you will get to unoffical login servers

I actually wrote some custom logon server software. Its kinda neat.

Id share a screenshot but mobile files are broken in 11

All I got atm screenshot wise but I’ve got in game working. Trying to get skin signatures working but I doubt ill make that work because of that damn RSA signature crap

I’ve theorized replacing the server’s auth system with a custom one to allow verified admins to join while the auth or session servers are down, but I’ve never actually looked into doing it.

From my understanding, the launcher authenticates it’s auth-token with Mojang then receives a session-token. When joining a server, the client’s session-token is sent to the server which forwards it to the session-server for authentication.

My theory was to cache the session tokens and their IP for an hour after the player has left. Once they rejoin, if the servers are down and their information is still cached, we check if they are the same and let them in based on the result.

With this method, even f2p users still cant join as they are still required to get a session-token and to join the server before the outage.

I am curious to see what your method works. I’ve never thought of creating an unofficial server.

It basically emulates the authentication flow. I haven’t got session refreshing or verification yet but you can successfully login and authenticate with the session server I wrote. You have to modify some SSL stuff and redirect some domains to the servers IP, but it works.

Future plans are to allow users to “import” their Mojang account, including account creation date by passing their username and password into the application, which will login server side and start pulling information.

HuskyAuth. Now with skins or something neat.