Safely authenticate Minecraft accounts in development environments.
| Versions | Module | Supported |
|---|---|---|
| 1.14 - 1.21 Fabric | fabric |
✅ |
| 1.8.9 - 1.12.2 Forge | forge-legacy |
✅ |
| 1.14 - 1.21 Forge | forge-latest |
✅ |
| 1.20.4 - 1.21 NeoForge | neoforge |
✅ |
Note: If a version isn't listed above as supported, just try it. Additionally, the fabric module may work on other fabric-based loaders (such as legacy-fabric).
DevAuth can be used either by placing a jar in your mods folder or adding a maven dependency. Details about the two methods follow.
Jar
Download a DevAuth jar from the releases, place it in your mods folder and configure it using the configuration section below.
Maven Dependency
Add the DevAuth repository
repositories {
maven { url = "https://pkgs.dev.azure.com/djtheredstoner/DevAuth/_packaging/public/maven/v1" }
}Add the DevAuth dependency
dependencies {
// moduleName is based on your mod loader and minecraft version, see the table above
// version is the DevAuth version you are adding, check releases on GitHub or the badge above
// With loom use the modRuntimeOnly configuration
// With archloom and the forge-legacy module use the runtimeOnly configuration to avoid warnings
// With ForgeGradle 5 or NeoGradle, use the runtimeOnly configuration
// With ForgeGradle 2, use the implementation configuration as runtimeOnly appears to be broken
modRuntimeOnly("me.djtheredstoner:DevAuth-${moduleName}:${version}")
}You can now enable and configure DevAuth. See the next section for how to do this.
DevAuth defaults to disabled, in order to be unobtrusive. You must enable DevAuth in order for it to log you in. Additionally, the configuration file will not be created if DevAuth is disabled. You should enable DevAuth once via the JVM property, so that it creates the configuration file, then you may configure it via the file.
DevAuth is configured through JVM properties and a configuration file.
JVM Properties can set be by adding -D<propertyName>=<value> to your JVM arguments
or by using System.setProperty before DevAuth is initialized
(Fabric's preLaunch entrypoint for example). Additionally, your specific
toolchain/gradle plugins may have specific ways to configure JVM properties.
| Property | Description | Default |
|---|---|---|
devauth.enabled |
Enables DevAuth | false |
devauth.configDir |
Selects the config directory | See below |
devauth.account |
Select the account to log into | none |
The configuration file is called config.toml and is located in your DevAuth config
folder.
| OS | Default config directory |
|---|---|
| Windows | C:\Users\<user>\.devauth |
| MacOS | /Users/<user>/.devauth |
| Linux | $XDG_CONFIG_HOME/devauth, defaulting to ~/.config/devauth |
# Choose if DevAuth should be enabled default. Overriden by the devauth.enabled property.
defaultEnabled = true
# Choose which account to use when devauth.account property is not specified
defaultAccount = "main"
# A Microsoft account
# You do not need to put any credentials in the configuration file, as OAuth is used to sign in
[accounts.main]
type = "microsoft"
# A second account, which can be selected by changing defaultAccount above or using the devauth.account property
[accounts.alt]
type = "microsoft"When the devauth.account property is specified it takes precedence over the
defaultAccount config option.
A default config will be automatically created when DevAuth is first enabled.
When logging in with a microsoft account for the first time, you will be given a
link to open in a browser to complete OAuth, after that the token will be stored
in a file called microsoft_accounts.json in your config directory. Future logins
will use and refresh the stored tokens as necessary. You will be prompted to go through
OAuth again once your refresh token expires (most likely to occur after a long period
without using DevAuth) or is revoked.
DevAuth stores all credentials locally on your machine. The Microsoft account tokens are stored in
microsoft_accounts.json inside the DevAuth configuration directory. The contents of this file are not
encrypted, so do not share it or open it when it may be seen. If you want to revoke DevAuth's permissions
or believe this file may have been compromised, DevAuth's permissions can be revoked here.
Note that this does not immediately revoke all access tokens, due to design decisions by Microsoft.
See here for more information.