Implement player certificate fetching for Mojang auth#1409
Open
evan-goode wants to merge 2 commits intoPrismarineJS:masterfrom
Open
Implement player certificate fetching for Mojang auth#1409evan-goode wants to merge 2 commits intoPrismarineJS:masterfrom
evan-goode wants to merge 2 commits intoPrismarineJS:masterfrom
Conversation
3 tasks
evan-goode
force-pushed
the
evan-goode/custom-auth
branch
from
98061dc to
6abf994
Compare
extremeheat
approved these changes
Jul 25, 2025
evan-goode
force-pushed
the
evan-goode/custom-auth
branch
from
9b32bb0 to
2080118
Compare
Contributor
Author
|
Thanks for the approval. The CI failure seems to be transient and unrelated. |
rom1504
reviewed
Sep 7, 2025
evan-goode
force-pushed
the
evan-goode/custom-auth
branch
from
2080118 to
f1b4c68
Compare
Borrows the fetchCertificates implementation from prismarine-auth
evan-goode
force-pushed
the
evan-goode/custom-auth
branch
from
f1b4c68 to
920f38f
Compare
Contributor
Author
|
Rebased and replace the use of async/await with an additional callback. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
"Mojang auth" (now ironically named) is still in use today by custom authentication servers. We are grateful for node-minecraft-protocol's continued support for it! Some of these custom authentication servers [0][1] support player certificates just like Mojang's API servers do, at the
$servicesServer/player/certificatesendpoint (when using Mojang's servers,$servicesServer = https://api.minecraftservices.com). The process for fetching player certificates is no different when using a Microsoft account or a Mojang/other account. It works like any other Mojang API route that requires an accessToken. But in node-minecraft-protocol, Microsoft authentication, including certificate fetching, is done in prismarine-auth and certificate fetching isn't implemented for third-party accounts.This PR copies the certificate fetching logic from prismarine-auth to
mojangAuth.jsin node-minecraft-protocol to make certificate fetching work with third-party accounts. Certificate fetching can be disabled by settingdisableChatSigning: truejust like with Microsoft accounts. If certificates fetching fails, a warning is printed and login continues.An alternative approach to copying would be to export
fetchCertificatesfrom prismarine-auth and somehow make it possible to override theservicesServerthere. But IMHO the cleaner option is to duplicate the code in node-minecraft-protocol, it's only ~20 lines.[0] https://github.com/unmojang/drasl
[1] https://ely.by/