Info
A client mod for LimboAuth
Test server: ely.su
Mod dependencies
Architectury API
Features of LimboAuth Client Mod
Saves session tokens to the config file (
.minecraft/config/limboauth.yml)You can set your own session token via the custom launcher
How does session token work
The server makes a token - a struct that contains an issue timestamp
The server signs this token with a private verify key (which you can see in the LimboAuth config)
The server sends the token to the client, the client saves it to the config file
When player joins the server, servers asks client if he has a session token
If the player has a session token, it sends it to the server
The server verifies the token via the private verify key
How to generate a session token
Pseudocode
# This key must be the same in the plugin config and in the server hash issuer
= = "testkey123"
= = unix_timestamp_millis ()
player_username = "TestPlayer123"
username_bytes = utf8.string_to_bytes(lower (player_username))
timestamp_bytes = big_endian.long_to_bytes(issue_timestamp)
# siphash 2-4 (default siphash) is used here
tokenhash = siphash.hash(verify_key, byte_concat(username_bytes, timestamp_bytes))
hash_bytes = big_endian.long_to_bytes(tokenhash)
token = base64.encode_to_string(byte_concat(timestamp_bytes, hash_bytes))When does the token expire?
The token expires if the player changes his password
See ISSUEDTIME database field
Last updated