Add api for custom authentication #3670
Conversation
Outfluencer
changed the title
|
any thoughts on this? |
|
What's the actual use case? |
|
Setting auth data with a cookie. Transfer the player to another bungee, set authentificate to false, and authentificate the player by the signed or encrypted cookie auth data without contact the auth server of mojang |
|
What's the purpose of that though, speed? Doesn't it also place the client at a MITM risk given there's no verification with Mojang servers? Do other client functions like skins and secure chat work given the client thinks its offline mode when it's actually online mode? |
|
The client also think it is in online mode everything works |
|
It can have many purposes speed could be one of them also you could connect to the server if the auth server are offline and you could change the profile of the player, or skin data to whatever the plugin developer wants |
|
Could you please explain the MITM risk? I don't think that there are real risk as mojang added this feature exactly for that reason |
Well because there is no challenge response and the server is offline, you could just pass the encrypted cookie straight through to authenticate |
|
Edit: Wrong |
|
How does that help? |
Uh yeah, my bad. That does not help prevent mitm. So in such cases think mojang has added a feature without this in mind and its only purpose was to ease the load on mojang's auth servers. |
Weird that Vanilla doesn't do anything with it then. I wonder if it was really just a poorly thought out example, as there are clear other uses for the cookies (eg, eliminating or making much easier the use of a database to maintain player state) Alternatively, perhaps by authentication they meant things such as remembering a 2fa session |
|
That doesn't make sense. 2fa session stuff is handled by microsoft's login system, not minecraft related. How could vanilla do anything with the authenticate boolean, its a thing solely meant for customized multiplayer networks cross-server stuff. But tbh many server networks might not care about MITM or even encryption, I was thinking about using this transfer API to get rid of encryption CPU time on bungee after authentication with a plugin or so. |
I meant a server side 2fa plugin
True, now I'm confused how the authenticate boolean is different from offline mode |
You connection is still encrypted |
If you ignore MITM as risk. Edit: A serverside, in-minecraft 2fa system can not eliminate MITM, just like cookies can not. |
depends on the usecase, if i have a server with a static ip that i use as a proxy i could securly authentificate by it for example. |
The MITM risk can not be eliminated. With mojang authentication, the mitm risk is only when mojang/microsoft servers/certificate is leaked. Without mojang authentication, the mitm risk is just as high as unencrypted connection. asymmetric into symmetric Encryption like Minecraft uses, without verified other endpoint, only provides protection against read-only MITM, but not write/change-able MITM. |
PreLoginEvent now has an option for disabling the authentification, if disabled after encryption a custom authentification event is called to authentificate the player, In this event the session data can be set (if not set an exception is thrown (client gets kicked))
Its possible now to cache the session of a player by their ip address as example or to authentificate the player with Cookie data
as mentioned by mojang here