Minecraft Login Bridge

(Ryan Leach) #1

What would be the best method of a Minecraft to Discourse login bridge?

Mojang do not currently have OpenID or equivalent and asking users for their user/pass is horrendous but seems to be practised by some.

You could generate links that get sent ingame that authenticate / create the user, and optionally prompt for a forum username and password once the Mojang UUID is attached somehow?

But how do you deal with users who sign up from the website, who do not have an attached UUID?

@riking Just figured I would tag you due to your previous experience.

(Kane York) #2

Discourse requires email for account association. Federated login with Mojang is not possible.

What you can do is add a custom profile field that asks for their Minecraft username, which people are free to fill out if they want to. Do this at /admin/customize/user_fields.

(Ryan Leach) #3

How could you prevent people from filling this out incorrectly or impersonating others?

Ideally I would use the custom field as a username/display name as well as using skins as avatars.

(Kane York) #4

The accepted method of verifying ownership of a Minecraft account is requesting the account owner to upload a skin with a nonce encoded in the non-displaying portions of the image. This can be easily implemented with image manipulation and a state machine.

An extensibility point for extra avatar providers is in the works, I think.

(Slind) #5

why not let the user join a “auth” server which kicks him with a tag/captcha (generated with a salt key from the uuid) as message, required on registration? easier to implement and use than via a skin. Then run an username fetch to get the up to date names once a day for all active users. (If the tag/captcha is required for password reset you might to limit its use for a few minutes)

(Kane York) #6

No, that’s not really easier to use - it requires running another whole server, so you need to get people to connect to it, and your outlined scheme has some pretty delayed verification.

Also, this isn’t really on-topic here.

(Slind) #7

how is it delayed?

What is faster, starting up the game and connecting to a server “address given on registration” or download a file, logging into the skin database, uploading it and waiting for it to be updated o?

Why would this be an issue? 256MB RAM would be enough. Its not like that you have a discourse board and a 0815 server with control panel? Unless you pay 200$ a month for the hosted one.

The question was on how to make sure that users register with their minecraft name/uuid, or am I mistaken?


This wiki about Minecraft authentication might be useful and might be able to be used to create an authentication platform, but I don’t have the coding skills to do it.

Can someone who does look at it and see how feasible it is?