A client mod for LimboAuth
Test server: ely.su
- Architectury API
- Saves session tokens to the config file (
.minecraft/config/limboauth.yml
) - You can set your own session token via the custom launcher
- The server makes a token - a struct that contains an issue timestamp
- The server signs this token with a private verify key (which you can see in the LimboAuth config)
- The server sends the token to the client, the client saves it to the config file
- When player joins the server, servers asks client if he has a session token
- If the player has a session token, it sends it to the server
- The server verifies the token via the private verify key
Pseudocode
# This key must be the same in the plugin config and in the server hash issuer
verify_key = "testkey123"
issue_timestamp = unix_timestamp_millis()
player_username = "TestPlayer123"
username_bytes = utf8.string_to_bytes(lower(player_username))
timestamp_bytes = big_endian.long_to_bytes(issue_timestamp)
# siphash 2-4 (default siphash) is used here
tokenhash = siphash.hash(verify_key, byte_concat(username_bytes, timestamp_bytes))
hash_bytes = big_endian.long_to_bytes(tokenhash)
token = base64.encode_to_string(byte_concat(timestamp_bytes, hash_bytes))
- The token expires if the player changes his password
- See ISSUEDTIME database field
Your donations are really appreciated. Donations wallets/links/cards: