promotional bannermobile promotional banner

AuthMe Reloaded

The most used authentication plugin for Spigot and CraftBukkit!
Download

File Details
Download

AuthMe 6.0.0 - Spigot BEFORE 1.21.6

ByXephi59
  • R
  • May 7, 2026
  • 1.05 MB
  • 144
  • 1.21.5+25

File Name

AuthMe-6.0.0-Spigot-Legacy.jar

Supported Versions

  • 1.21.5-Snapshot
  • 1.21.5
  • 1.21.4
  • 1.21.3
  • 1.21.2
  • 1.21.1
  • 1.21
  • 1.20.3-Snapshot
  • 1.20.5-Snapshot
  • 1.20.6
  • 1.20.5
  • 1.20.4
  • 1.20.3
  • 1.20.2
  • 1.20.1
  • 1.20
  • 1.19.4
  • 1.19.3
  • 1.19.2
  • 1.19.1
  • 1.19
  • 1.18.2
  • 1.18.1
  • 1.18
  • 1.17
  • 1.16

# AuthMe 6.0.0

AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.

## Highlights

### Dedicated builds for every platform

AuthMe now ships as separate, purpose-built jars for each server platform: **Spigot 1.16–1.19**, **Spigot 1.20–1.21+**, **Paper 1.21+** (1.21.11+ recommended for Dialog), and **Folia 1.21+**. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.

### Native proxy plugins for BungeeCord and Velocity

Two dedicated proxy plugins are now available, one for **BungeeCord** and one for **Velocity**. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the [proxy configuration guide](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/proxies/configuration.md) for setup instructions.

### Dialog-based login and registration

On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.

Several quality-of-life improvements ship with the dialog system:

- **Email recovery in post-join dialogs** — players with a recovery email can trigger password recovery directly from the dialog
- **"Let player in" recovery option** — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- **Customisable body description** — the body text of login/register dialogs is configurable per server
- **Separate forgot-password dialog** — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- **Register field validation** — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- **Kick-on-cancel option** — a new setting controls whether players are kicked if they dismiss the pre-join dialog

### Premium bypass with cryptographic Mojang verification

Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.

Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.

See the [premium bypass guide](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/premium.md) for full setup instructions.

### Messages in the player's own language

AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the [translations reference](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/translations.md) for the full list of supported languages. New in this release: **Tatar** and **Spanish** translations.

### Eight new account importers

The converter system now covers a wide range of authentication plugins. You can migrate accounts from:

- **Auth+**, **LibreLogin**, **LimboAuth**, **nLogin** (including SQLite auto-detection), **OpeNLogin**, **tiAuth**

All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the [converters guide](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/converters.md) for usage.

### New `server` spawn priority

A new `server` value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.

### Email confirmation on change

`/email add` and `/email change` now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.

### Separate login and registration timeouts

The single timeout setting has been split into two independent values: `loginTimeout` and `registerTimeout`. Existing configurations are migrated automatically — no action required. Full details are in the [configuration reference](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/config.md).

### New hash algorithm: PBKDF2BASE64

A new `PBKDF2BASE64` hash algorithm is now supported. See the [hash algorithms reference](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/hash_algorithms.md) for details.

### Ender pearls returned on login

Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via `settings.restrictions.cancelThrownEnderPearlOnJoin`.

---

## Breaking changes

**Java 17 is now the minimum required version for spigot-legacy.** Servers still running Java 8 or Java 11 must upgrade before installing this release.

**Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).**

**PacketEvents** replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install [PacketEvents 2.x](https://modrinth.com/plugin/packetevents) if you use any of these features — ProtocolLib is no longer used for this purpose.

---

## Bug fixes

- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles `@` characters and awaits proper type resolution
- Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in `server` spawn mode

---

## Additional resources

- [Configuration reference](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/config.md)
- [Commands and permissions](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/commands.md)
- [Permission nodes](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/permission_nodes.md)
- [Hash algorithms](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/hash_algorithms.md)
- [Converters](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/converters.md)
- [Translations](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/translations.md)
- [Premium bypass](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/premium.md)
- [Proxy configuration](https://github.com/AuthMe/AuthMeReloaded/tree/master/docs/proxies/configuration.md)