node-minecraft-protocol

uses microsoft auth by default

Open rom1504 opened this issue 2 years ago • 10 comments

rom1504 avatar Feb 06 '22 17:02 rom1504

is that correct @extremeheat @Kashalls ?

rom1504 avatar Feb 06 '22 17:02 rom1504

> is that correct @extremeheat @Kashalls ?

https://github.com/PrismarineJS/node-minecraft-protocol/blob/4691abd0365721d0c7981c4140c9009b434bc18f/src/createClient.js#L37 ?

kashalls avatar Feb 06 '22 17:02 kashalls

good point

I added a mode offline as well (to fix the issue at https://github.com/PrismarineJS/node-minecraft-protocol/pull/952 @IceTank )

however I'm now thinking maybe we should set the default to offline rather than microsoft

what do you think ?

rom1504 avatar Feb 06 '22 17:02 rom1504

Hmm, once Mojang auth is removed the auth options might as well be true or false I think. But I do agree with making Mojang auth explicit, that way later on when the Mojang auth endpoints are disabled an error can be printed explaining it's no longer possible to do Mojang auth.

extremeheat avatar Feb 06 '22 19:02 extremeheat

So what about that mode "offline" ? It was never really a Mojang auth and it's definitely not a Microsoft auth, it's simply no auth. I think making it explicit is good.

Regarding true/false vs named, I think named is better because who knows if there won't be yet a new auth scheme we want to support in the future ;)

rom1504 avatar Feb 06 '22 20:02 rom1504

And should offline be the default? It used to be that way.

(i.e. no password = offline)

The current state is pretty confusing

rom1504 avatar Feb 06 '22 20:02 rom1504

Either way I think this will break things. Since some people don't currently put anything in for auth, switching it to offline would silently cause the bot to fail until connecting to the server (but I think with hideErrors false should be less of an issue); with 'microsoft' it could require user action.

I'm not sure where most people are running bots, but if most people are running/testing bots locally (this is what I'm guessing) I think it makes sense to default to offline.

extremeheat avatar Feb 07 '22 13:02 extremeheat

Looks like by March 10th 2022, all Mojang accounts will no longer authenticate. (Sounds like they are just taking the auth servers down.)

As we previously used Mojang as the default authentication scheme, I think we should default it to Microsoft. If the player doesn't want to use a real account, let them use offline.

> Either way I think this will break things. Since some people don't currently put anything in for auth, switching it to offline would silently cause the bot to fail until connecting to the server (but I think with hideErrors false should be less of an issue); with 'microsoft' it could require user action.
>
> I'm not sure where most people are running bots, but if most people are running/testing bots locally (this is what I'm guessing) I think it makes sense to default to offline.

I like this as well. I only have a couple of bots deployed in production, where I have explicitly set `auth: 'microsoft'` in their configurations. Maybe instead of sending the output to debug, we can pipe to stdin and just display a little "Hey! Unless specified, your bot won't attempt to auth without specifying the auth type!"?

kashalls avatar Feb 08 '22 18:02 kashalls

I think we should switch to offline by default. If people want to do Microsoft authentication the auth field is required anyway, so it seems to me like the least breaking path.

extremeheat avatar May 06 '22 04:05 extremeheat

> I think we should switch to offline by default. If people want to do Microsoft authentication the auth field is required anyway, so it seems to me like the least breaking path.

I changed it to use offline mode as the default and fallback.

kashalls avatar May 06 '22 04:05 kashalls

need a redo

rom1504 avatar Jan 15 '23 17:01 rom1504