imported>P schneider |
imported>Oxodao |
| Line 1: |
Line 1: |
| == New Base URL ==
| | #REDIRECT [[Talk:Legacy Mojang Authentication]] |
| | |
| Since the new base url used for authentication is https://login.minecraft.net/ does that mean it would use https://login.minecraft.net/getversion.jsp or https://login.minecraft.net/game/getversion.jsp ?
| |
| | |
| :The URL is just "https://login.minecraft.net/". Post straight there with the content "user=...&password=...&version=..." (without quotes). <b>~ [[User:Ribose|<span style="color:green">Ribose</span>]] · </b> 19:29, 20 October 2011 (MST)
| |
| | |
| == New auth response? ==
| |
| | |
| I'm now seeing the auth server respond with (in the HTTP body) the following: "2\r\nOK\r\n0\r\n\r\n" (interpret that as a C string). Anyone seen different, or have any insights?
| |
| | |
| --[[User:Huin|Huin]] 15:19, 20 November 2011 (MST)
| |
| | |
| :What URL specifically? [[User:Barneygale|Barneygale]] 05:44, 21 November 2011 (MST)
| |
| | |
| :Sorry - should have said: http://session.minecraft.net/game/joinserver.jsp?user=XXXX&sessionId=XXXX&serverId=XXXX I was having trouble with my implementation of the minecraft server (ChunkyMonkey), and decided to sniff the traffic that the official server was sending, and got the above. --[[User:Huin|Huin]] 12:19, 21 November 2011 (MST)
| |
| :Just realised that that was probably the client. I'm gonna run another packet sniff. --[[User:Huin|Huin]] 12:21, 21 November 2011 (MST)
| |
| :So the URL I was really interested in was the checkserver one, i.e /game/checkserver.jsp?user=XXXX&serverId=XXXX - for which the response is quite similar: "3\r\nYES\r\n0\r\n\r\n" --[[User:Huin|Huin]] 12:46, 21 November 2011 (MST)
| |
| ::So this is actually HTTP chunking. See how you've got a <code>Transfer-Encoding: chunked</code> header? [http://en.wikipedia.org/wiki/Chunked_transfer_encoding] [[User:Barneygale|Barneygale]] 09:08, 22 November 2011 (MST)
| |
| :::Facepalm. Yep. That'll be it. --[[User:Huin|Huin]] 12:12, 22 November 2011 (MST)
| |
| | |
| == Signature in textures ==
| |
| | |
| The base64 in the "signature" section of "textures" is base64; it's just data signed with Yggdrasil's private key and is verified with a SHA1withRSA public key.
| |
| | |
| Source:
| |
| Signature signature = Signature.getInstance("SHA1withRSA");
| |
| signature.initVerify(publicKey);
| |
| signature.update(this.value.getBytes());
| |
| return signature.verify(Base64.decodeBase64(this.signature));
| |
| | |
| Comes from Property.java in the Yggdrasil Authlib.
| |
| | |
| == Obtaining Twitch Access Token ==
| |
| | |
| You must add ''''requestUser':true''' to the request when your are authenticating an user or refreshing an access token.
| |
| | |
| Example request and response for '''requestUser''' have been added to the Article.
| |
| The supplied Twitch token is an OAuth token that can be used to directly communicate with the Twitch API. (e.g. https://api.twitch.tv/kraken?oauth_token=...)
| |
| So unlike '''preferredLanguage''' the '''twitch_access_token''' parameter has sensitive information that should not be shared or published in crash logs.
| |
| I don't know where the the value for '''preferredLanguage''' can be set. For my account it is set to '''de''', which makes sense since I'm from Germany. I probably somewhere selected German when registering my Mojang/Minecraft account in March 2016. It looks like older accounts don't have this attribute. I know some people have it set to en and I assume there are many other language codes possible (ISO 639-1). --[[User:P schneider|P schneider]] ([[User talk:P schneider|talk]]) 18:52, 10 August 2016 (UTC)
| |
| | |
| == How to see what the vanila launcher does with the authoritation data ==
| |
| | |
| The vanilla launcher also talks using these server, but sometimes its usefull to see how vanila interacts with authserver.mojang.com to debug the process of your own launcher.
| |
| | |
| The following code looks at the traffic between authserver.mojang.com and the local vanila client (the minecraft.jar downloaded from minecraft.net) and prints out the raw http contents inside the https stream.
| |
| | |
| Use it only for debugging purposes, do NOT include it into malware minecraft launchers:
| |
| | |
| https://gist.github.com/ferrybig/bab8c6f737be5f63189c
| |
| | |
| Using this class I discovered that vanilla uses '''"requestUser": true''' to get more information about the user, including the Twitch access token. All information discovered by this can be useful to put into the main page.
| |