Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] How can I determine whether the authserver I connected is Mojang or 3rd-party #170

Open
teddyxlandlee opened this issue Jul 24, 2022 · 3 comments
Open

[Question] How can I determine whether the authserver I connected is Mojang or 3rd-party #170

teddyxlandlee opened this issue Jul 24, 2022 · 3 comments

Comments

@teddyxlandlee
Copy link

As 1.19.1 releases, many players are concerning that they're possibly reported by others if their keypair are signed by Mojang, and they signed their chats.
However, keypairs signed by 3rd party yggdrasil servers can't be recognized by Mojang's report system.

What I'm planning to do is to develop a mod warning players who are connecting a Mojang-auth server which enforces secure profile.

How can I determine whether the player is connecting Mojang-auth or 3rd-party authserver?

Thank you.
@Lama3L9R

This comment was marked as off-topic.

Sign in to view
@teddyxlandlee

This comment was marked as off-topic.

Sign in to view
@yushijinhun
Copy link
Owner

With the release of authlib-injector v1.2.0, clients with authlib-injector will use a randomly-generated profile key, and an empty signature (\0). Both the server and the client will accept any profile key, regardless of whether the signature is valid or not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yushijinhun @Lama3L9R @teddyxlandlee