Authentication
You can authenticate users with different methods in your Launcher. You can use MicrosoftAuth to authenticate users with Microsoft, YggdrasilAuth to authenticate users with a Yggdrasil server, AzAuth to authenticate users with Azuriom, and CrackAuth to authenticate users with a crack account.
Warning
Mojang accounts are no longer supported by Minecraft. You must now use a Microsoft account.
Microsoft authentication
Warning
Microsoft authentication requires Electron! Please install Electron with npm i electron.
import { MicrosoftAuth } from 'eml-lib'
import { app, BrowserWindow } from 'electron'
app.whenReady().then(authUser)
async function authUser() {
// Create a simple window for demo.
const mainWindow = new BrowserWindow()
const auth = new MicrosoftAuth(mainWindow)
try {
const account = await auth.auth()
} catch (err) {
console.error(err)
}
}MicrosoftAuth constructor
| Parameter | Type | Description | Required? |
|---|---|---|---|
window | Electron.BrowserWindow | Your Electron application’s main window (to create a child window for the Microsoft login). | Yes |
clientId | string | Your Microsoft application’s client ID. | No (default is Minecraft client ID) |
MicrosoftAuth.auth() method
Authenticate a user with Microsoft. This method will open a child window to login.
Returns: Promise<Account> - The account information.
Throws: AUTH_ERROR - If the authentication fails.
MicrosoftAuth.validate() method
Validate a user with Microsoft. This method will check if the user’s token is still valid.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to validate. | Yes |
Returns: Promise<boolean> - true if the user is valid, false otherwise (then you should refresh the user).
MicrosoftAuth.refresh() method
Refresh a user with Microsoft. This method will renew the user’s token.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to refresh. | Yes |
Returns: Promise<Account> - The refreshed account information.
Throws: AUTH_ERROR - If the refresh fails.
Yggdrasil authentication
If you have a custom Yggdrasil server, you can authenticate users with it using YggdrasilAuth.
Warning
While Yggdrasil has been deprecated by Mojang/Microsoft, the API is maintained by a community who wants to keep the protocol alive. Usage of a custom authentication server may or may not violate Minecraft’s Terms of Service: make sure to validate your player’s Minecraft ownership!
import { YggdrasilAuth } from 'eml-lib'
authUser()
async function authUser() {
const auth = new YggdrasilAuth('https://my-yggdrasil-server.com')
try {
const account = await auth.auth('GoldFrite', 'MyPassword123')
} catch (err) {
console.error(err)
}
}YggdrasilAuth constructor
| Parameter | Type | Description | Required? |
|---|---|---|---|
url | string | The URL of your Yggdrasil server. | Yes |
YggdrasilAuth.auth() method
Authenticate a user with Yggdrasil.
| Parameter | Type | Description | Required? |
|---|---|---|---|
username | string | The username, email or player name of the user. | Yes |
password | string | The password of the user. | Yes |
Returns: Promise<Account | MultipleProfiles> - The account information. If the account has multiple profiles, it returns a MultipleProfiles object containing the account and the list of profiles; then you need to call YggdrasilAuth.selectProfile() to select the profile to use.
Throws: AUTH_ERROR - If the authentication fails.
YggdrasilAuth.selectProfile() method
Select a profile for a user with multiple profiles. This method is used when the YggdrasilAuth.auth() method returns a MultipleProfiles object.
| Parameter | Type | Description | Required? |
|---|---|---|---|
profiles | MultipleProfiles | he multiple profiles information returned by the YggdrasilAuth.auth() method. | Yes. |
select | { id?: string, name?: string } | The profile to select, either by ID or name. If both are provided, ID will be used. | Yes. |
Returns: Account - The account information with the selected profile.
Throws: AUTH_ERROR - If the profile selection fails.
YggdrasilAuth.validate() method
Validate a user’s access token with Yggdrasil. This method will check if the token is still valid.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to validate. | Yes |
Returns: Promise<boolean> - true if the user is valid, false otherwise (then you should refresh the user).
YggdrasilAuth.refresh() method
Refresh the Yggdrasil user.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to refresh. | Yes |
Returns: Promise<Account> - The refreshed account information.
Throws: AUTH_ERROR - If the refresh fails.
YggdrasilAuth.logout() method
Logout a user from Yggdrasil.
Note
This method use invalidate. invalidate is preferred over signout as signout invalidates all sessions and invalidate invalidates only the current one.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to logout. | Yes |
Returns: Promise<void>
Throws: AUTH_ERROR - If the logout fails.
Azuriom authentication
If you have a website running Azuriom, you can authenticate players with their account on your website, using AzAuth. To use AzAuth, you need to enable Auth API in your Azuriom website settings.
Warning
You must check the user’s access token from your Minecraft server to ensure that the user is authenticated. See verify endpoint in the Azuriom documentation.
import { AzAuth } from 'eml-lib'
authUser()
async function authUser() {
const auth = new AzAuth('https://my-azuriom-website.com')
let account
try {
account = await auth.auth('GoldFrite', 'MyPassword123')
} catch (err) {
if (err.code === 'TWOFA_CODE_REQUIRED') {
try {
account = await auth.auth('GoldFrite', 'MyPassword123', '123456')
} catch (err) {
console.error(err)
}
}
console.error(err)
}
}AzAuth constructor
| Parameter | Type | Description | Required? |
|---|---|---|---|
url | string | The URL of your Azuriom website. | Yes |
AzAuth.auth() method
Authenticate a user with Azuriom.
| Parameter | Type | Description | Required? |
|---|---|---|---|
username | string | The username or email of the user. | Yes |
password | string | The password of the user. | Yes |
twoFACode | string | The two-factor authentication code. | No |
Returns: Promise<Account> - The account information.
Throws: TWOFA_CODE_REQUIRED - If the two-factor authentication code is required. • AUTH_ERROR - If the authentication fails.
AzAuth.verify() method
Verify a user with Azuriom.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to verify. | Yes |
Returns: Promise<Account> - The account information.
Throws: AUTH_ERROR - If the verification fails.
AzAuth.logout() method
Logout a user from Azuriom.
| Parameter | Type | Description | Required? |
|---|---|---|---|
user | Account | The user account to logout. | Yes |
Crack authentication
Caution
This authentication method is not secure and not legal. Please use crack authentication for tests and development purpose only.
import { CrackAuth } from 'eml-lib'
const account = new CrackAuth().auth('GoldFrite')CrackAuth.auth() method
Authenticate a user with a crack account.
| Parameter | Type | Description | Required? |
|---|---|---|---|
username | string | The username of the user. | Yes |
Returns: Account - The account information.
Throws: AUTH_ERROR - If the username is invalid.