Info

A client mod for LimboAuth Test server: ely.su

Mod dependencies

Architectury API

Features of LimboAuth Client Mod

Saves session tokens to the config file (.minecraft/config/limboauth.yml)
You can set your own session token via the custom launcher

How does session token work

The server makes a token - a struct that contains an issue timestamp
The server signs this token with a private verify key (which you can see in the LimboAuth config)
The server sends the token to the client, the client saves it to the config file
When player joins the server, servers asks client if he has a session token
If the player has a session token, it sends it to the server
The server verifies the token via the private verify key

How to generate a session token

Pseudocode

# This key must be the same in the plugin config and in the server hash issuer
= = "testkey123"
= = unix_timestamp_millis ()
player_username = "TestPlayer123"

username_bytes = utf8.string_to_bytes(lower (player_username))
timestamp_bytes = big_endian.long_to_bytes(issue_timestamp)

# siphash 2-4 (default siphash) is used here
tokenhash = siphash.hash(verify_key, byte_concat(username_bytes, timestamp_bytes))
hash_bytes = big_endian.long_to_bytes(tokenhash)

token = base64.encode_to_string(byte_concat(timestamp_bytes, hash_bytes))

When does the token expire?

The token expires if the player changes his password
See ISSUEDTIME database field

PreviousInfo NextInfo

Last updated 1 year ago