Comments (26)
Try it ;)
Also see https://github.com/PrismarineJS/prismarine-auth
from prismarine-web-client.
Add a nice menu for it
Cache the token in local storage
from prismarine-web-client.
Password has been temporarily removed.
However, I think it should still be possible to optionally put a password there (with some warnings), so this works on all servers.
Still important to make this work
In some contexts (for example if you host the proxy yourself), it's completely secure to have the password in the browser
in a public demo context in can be ok with some warnings imo
from prismarine-web-client.
Some more information
yggdrasil:
- /auth
- /join
both of those need to be called in sequence
One option could be to ask the user to run 2 fetch command in a https://authserver.mojang.com/
tab
It's very clunky but it works
Another option is to go through the proxy. We can't simply use net-browserify because yggdrasil uses node fetch which uses https which doesn't use net
Options:
- use a socks5 or https proxy and pass that to yggdrasil : not obvious what package to use to host this, plus it's one more thing to host ; tried : proxy-agent doesn't work in the browser ; https://www.npmjs.com/package/socksv5 is an easy way to run a proxy
- make yggdrasil use net somehow so we can just keep using net-browserify for this too
For microsoft all of this is a bit different but also doesn't solve everything. But anyway most accounts are still yggdrasil
from prismarine-web-client.
doing a completely custom auth proxy is probably the best way in this proxy path
from prismarine-web-client.
https://github.com/Rob--W/cors-anywhere
https://wiki.vg/Protocol_Encryption#Authentication
https://wiki.vg/Authentication
from prismarine-web-client.
#154 works but insecure
idea from circuit10: forge an https request in the browser, send it with websocket, then directly send that request to the mojang server without decrypting
that way the proxy does not see the password
may solve the security issue.
However it does not solve the "this ip looks like a vpn" issue
from prismarine-web-client.
https://bugs.mojang.com/browse/WEB-2776?jql=text%20~%20%22Cors%22
The best solution is for mojang to fix this.
There's a small chance there is some hope if we provide a motivating use case by having pweb-client have some success
from prismarine-web-client.
Hello, would this be any easier now that Microsoft is migrating accounts to their auth?
from prismarine-web-client.
Would it be possible to use OAuth for migrated accounts? It's somewhat more secure as it doesn't give out a password.
from prismarine-web-client.
using microsoft auth is required for some account yes, but it doesn't make things any easier as multiple APIs necessary for the process (eg xboxlive ones) do not return CORS headers
from prismarine-web-client.
What about this? (https://mojang-api-docs.netlify.app/authentication/msa.html)
from prismarine-web-client.
@y2k04 last time we checked there was no way to use it without cors headers but if you want to try, that would be great to hear otherwise
from prismarine-web-client.
Couldn't a https://github.com/Rob--W/cors-anywhere proxy be set up?
from prismarine-web-client.
yes
from prismarine-web-client.
Couldn't a https://github.com/Rob--W/cors-anywhere proxy be set up?
You could use Heroku or AWS to host this service?
from prismarine-web-client.
Don’t think hosting is an issue, passing credentials through our servers poses several security issues though
from prismarine-web-client.
Don’t think hosting is an issue, passing credentials through our servers poses several security issues though
Then why not use a handshake protocol? (Comparing values sent by the client to the server and vice versa, and encrypting it with client specific codes which are randomly generated)
from prismarine-web-client.
Not sure I understand, but we can’t implement anything MC server side
from prismarine-web-client.
Not sure I understand, but we can’t implement anything MC server side
Just like the proxy, but we use that to authenticate with Microsoft
from prismarine-web-client.
The way to do authentification is handled by Mojang, we cannot change anything about that
Yes we could setup an auth proxy. It would likely get banned quickly by Mojang but I guess if we want to try i could do it
from prismarine-web-client.
It would likely get banned quickly by Mojang
Probably only if there were a lot of incorrect logon attempts. The proxy can implement its own rate limiting if that's a concern.
from prismarine-web-client.
from prismarine-web-client.
Maybe we could use a browser extension instead of a proxy.
Could be similar to this.
from prismarine-web-client.
if there was a good extension we could at least provide the alternative to the user yes
from prismarine-web-client.
What about this? (It is incredibly easy to create a Azure App Registration, I've already created a Test App to attempt to learn how the auth works 😀)
https://www.npmjs.com/package/@azure/msal-browser
from prismarine-web-client.
Related Issues (20)
- how do i use it the ip is an ip but it wont load HOT 1
- cant join a server HOT 1
- c
- (console logs) Client not connecting to server. Endless loading screen or p(0) undefined disconnect reason. HOT 2
- Memory leak in prismarine-web-client HOT 8
- pwc uses threejs 0.127.0 and pviewer uses threejs 0.128.0
- NPM install error HOT 2
- Cannot connect to any server HOT 5
- cant connect to the web version HOT 1
- version HOT 2
- Fix publish build
- dmca notice HOT 2
- Menu stuck on white screen HOT 1
- It's Only A Blackscreen HOT 5
- Login with Microsoft
- This project's live preview link is not working HOT 1
- It swears at the nodejs version, and this is in the browser. How so? HOT 9
- build error HOT 2
- default server can't login HOT 2
- have a cron test to make sure this keeps running
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prismarine-web-client.