Safely authenticate Minecraft accounts in development environments.

Note: If a version isn't listed above as supported, just try it. Additionally, the fabric module may work on other fabric-based loaders (such as legacy-fabric).

DevAuth can be used either by placing a jar in your mods folder or adding a maven dependency. Details about the two methods follow.

repositories {
    maven { url = "https://pkgs.dev.azure.com/djtheredstoner/DevAuth/_packaging/public/maven/v1" }
}

dependencies {
    // moduleName is based on your mod loader and minecraft version, see the table above
    // version is the DevAuth version you are adding, check releases on GitHub or the badge above
    // With loom use the modRuntimeOnly configuration
    // With archloom and the forge-legacy module use the runtimeOnly configuration to avoid warnings
    // With ForgeGradle 5 or NeoGradle, use the runtimeOnly configuration
    // With ForgeGradle 2, use the implementation configuration as runtimeOnly appears to be broken
    modRuntimeOnly("me.djtheredstoner:DevAuth-${moduleName}:${version}")
}

You can now enable and configure DevAuth. See the next section for how to do this.

DevAuth defaults to disabled, in order to be unobtrusive. You must enable DevAuth in order for it to log you in. Additionally, the configuration file will not be created if DevAuth is disabled. You should enable DevAuth once via the JVM property, so that it creates the configuration file, then you may configure it via the file.

DevAuth is configured through JVM properties and a configuration file. JVM Properties can set be by adding -D<propertyName>=<value> to your JVM arguments or by using System.setProperty before DevAuth is initialized (Fabric's preLaunch entrypoint for example). Additionally, your specific toolchain/gradle plugins may have specific ways to configure JVM properties.

The configuration file is called config.toml and is located in your DevAuth config folder.

# Choose if DevAuth should be enabled default. Overriden by the devauth.enabled property.
defaultEnabled = true

# Choose which account to use when devauth.account property is not specified
defaultAccount = "main"

# A Microsoft account
# You do not need to put any credentials in the configuration file, as OAuth is used to sign in
[accounts.main]
type = "microsoft"

# A second account, which can be selected by changing defaultAccount above or using the devauth.account property
[accounts.alt]
type = "microsoft"

When the devauth.account property is specified it takes precedence over the defaultAccount config option.

A default config will be automatically created when DevAuth is first enabled.

When logging in with a microsoft account for the first time, you will be given a link to open in a browser to complete OAuth, after that the token will be stored in a file called microsoft_accounts.json in your config directory. Future logins will use and refresh the stored tokens as necessary. You will be prompted to go through OAuth again once your refresh token expires (most likely to occur after a long period without using DevAuth) or is revoked.

DevAuth stores all credentials locally on your machine. The Microsoft account tokens are stored in microsoft_accounts.json inside the DevAuth configuration directory. The contents of this file are not encrypted, so do not share it or open it when it may be seen. If you want to revoke DevAuth's permissions or believe this file may have been compromised, DevAuth's permissions can be revoked here. Note that this does not immediately revoke all access tokens, due to design decisions by Microsoft. See here for more information.