Connor Slade
homeprojectswritingfilesgithub

projects » auth-reauth

Auto Reauth

created February 18th, 2024 • 2m reading time • 24 views
Animated GIF of trying to join a Minecraft server with an invalid session. The player is automatically re-authenticated and joins the server.

This is a Minecraft mod that automatically re-authenticates your session when it expires. Without this mod, you need to restart your game every time your session expires (about every day).

There are already a few in game re-authentication mods but if you are running an autonomous bot, none of the other mods will be of much help. If your bot is kicked from the server and tries to automatically reconnect but the session is invalid, then with any other re-auth mod you would have to manually click a button.

Download Links

The mod is available for download on the following platforms:

Usage

After installing, you will need to sign in through auto reauth, so it can store your authentication tokens. To do this, the mods’ config menu through mod menu and click “Login” to be redirected to the Microsoft login page. Now, anytime you open the multiplayer menu, auto reauth will check your session status, and re-authenticate if necessary. The tokens may expire after some time (like 90 days) so if you start having issues with the mod, try logging in again.

Do note that using this mod will store your authentication tokens in your config folder (config/auto-reauth/config.nbt). So just be careful about that.

How It Works

Before Microsoft took ownership of Mojang, Minecraft used a very simple authentication scheme with just a username and password. But now they use Microsoft OAuth2 Flow, which allows for more security but you need to get a OAuth 2.0 client ID by submitting an application form to get approval from Mojang (see Register an application with the Microsoft identity platform and AppID Review Form). The auth flow is pretty complicated with five main steps. You can learn more about the Microsoft Authentication Scheme on wiki.vg.

  • Get an access token (from oauth or refresh token)
  • Authenticate with Xbox Live
  • Get a XSTS token
  • Authenticate with Minecraft
  • Create a Minecraft Session

Using mixins, various multiplayer related screens are modified to check the current auth state and reauthenticate if needed. These screens include the connect, disconnect, multiplayer and realms screens.

© Connor Slade 2024 • v3.0.0 • Github