A feedback area designed for scripting and mods suggestions and feedback. Please note bug reports and support issues will be removed.

18

Return XUIDs on the Mojang API or add game profiles to MSA (oAuth)

6 Comments

Please sign in to leave a comment.

Sorted by oldest
  • 1
    Registered User commented
    Comment actions Permalink

    I've been writing a discord bot to allow minecraft players run limited rcon commands. Currently I verify them by sending an OTP to their players in game. Would be nice if I could verify them using a mojang oauth2 api instead

  • 1
    Registered User commented
    Comment actions Permalink

    @Moondog8627 that's for sure, and it would be safer in case you decide to make it public, so no man-in-the-middle could affect the end result and verify players on their behalf.

  • 1
    Registered User commented
    Comment actions Permalink

    Is there really no current way through the XBL API for 3rd-party server and website operators to verify that a user owns a game?

  • 1
    Registered User commented
    Comment actions Permalink

    @squeegily I did try using XBL, got it working, but sadly I was not able to exchange session tokens for Minecraft-related data. Still, an official way of doing it would be way better, as XBL is probably not really the ideal in terms of the legal part, aand... their server, yeah. they server have been soooo slow... It's really just not user friendly (so far)

  • 1
    Registered User commented
    Comment actions Permalink

    This request has been mostly satisfied by Microsoft allowing custom non-official projects to hook into Minecraft's relying party! This means this is already possible. XUIDs are NOT returned, but Mojang UUIDs and usernames are (good enough!). If you want to learn how to implement this new oAuth flow, check out https://wiki.vg/Microsoft_Authentication_Scheme

    Thank you so much Microsoft and Mojang for allowing this type of login flow! I actuallly didn't expect the oAuth login flow being publicly accessible before account migration becoming fully finished.

    Keep up the good work migrating the old accounts.

  • 0
    Registered User commented
    Comment actions Permalink

    Letting users login to your app using the "Authentication Scheme" way using microsoft oauth generates a token which can be used to login to the game and that token is shared with the website or am i missing something? This is way too much access granted to an app that should not be able to login to the game but rather only needs to retrieve the uuid of the logged in user…