LimboAuth Client Mod
Client mod for integration with the LimboAuth plugin, providing automatic player authorization.
Main Features
- Saving session tokens in the configuration file (
.minecraft/config/limboauth.yml) - Ability to set your own session token via custom launcher
How Session Tokens Work
The authorization system operates according to the following algorithm:
- Server generates a token - a data structure containing a creation timestamp
- Token is signed with a private verification key (which can be found in LimboAuth configuration)
- Server sends the token to the client, which saves it in the configuration file
- When connecting to the server, the system checks if the player has a session token
- If the token is present, it is sent to the server for verification
- Server verifies the token using the private key
Session Token Generation
Example pseudocode for token creation:
# This key must match in the plugin configuration and server hash generator
verify_key = "testkey123"
issue_timestamp = unix_timestamp_millis()
player_username = "TestPlayer123"
username_bytes = utf8.string_to_bytes(lower(player_username))
timestamp_bytes = big_endian.long_to_bytes(issue_timestamp)
# Uses siphash 2-4 (standard siphash)
tokenhash = siphash.hash(verify_key, byte_concat(username_bytes, timestamp_bytes))
hash_bytes = big_endian.long_to_bytes(tokenhash)
token = base64.encode_to_string(byte_concat(timestamp_bytes, hash_bytes))Token Expiration
The session token becomes invalid in the following cases:
- Player changes account password
- Expiration of validity period (see ISSUEDTIME field in database)
