Allow for non OAuth2.0 workflow that doesn't require the user to visit a Website
Opened this issue · 2 comments
Quote from Discord chat:
well the old system I used it just gave a code when you connected to the server and then that code could be used once to retrieve the users name and uuid from the api
obviously the style of having the website give the code could be technically better since it can remember the login but I really doubt there are many cases where a user has to logon thru the service multiple times within a short time
but obviously even if the url is https://mc-auth.com/whatever discord will pop up that hey are you sure prompt which is the problem with any authentication
I'd like to use the same client_id and client_secret used for OAuth2.0 but instead of pointing the user to Mc-Auth and back to the requesting app.
Instead something like the following:
- The app tells me that Minecraft-User
SpraxDevwants to authenticate - Mc-Auth sends a success response, maybe with a request/session token and Minecraft server IP to join
- The user joins the server and gives the generated Code to the app
- The App gives me the request/session token and the code that was provided by the user
- Mc-Auth responds with the users profile information or an error
Any progress on this feature 👀 ?