DirectAuth

A server-side-only authentication system with Online auto-login and zero configuration required. Protect your offline server with secure hashing and seamlessly migrate player data (inventory, stats) when users switch to Online Mode.

DirectAuth

DirectAuth is a server-side authentication mod for Minecraft 1.21.1 (NeoForge). It provides a secure login system for offline servers with optional online auto-login support.

It is strictly server-side. Clients do not need to install this mod to join.

Key Features

  • Server-Side Only: Install it on your server, and players can join with any vanilla client.
  • Zero Configuration: Uses an embedded local database. No MySQL setup required.
  • No Lag: All database operations are performed asynchronously to ensure the main server thread never freezes.
  • Security: Passwords are hashed using strong encryption (PBKDF2).
  • Auto-Login: Players with legitimate Minecraft accounts can use /online to skip typing passwords in future sessions.
  • Strict Restrictions: Unauthenticated players cannot move, interact, chat, drop items, or regenerate health.

Commands

Command Usage Description
/register /register <password> Creates an account. Required on first join.
/login /login <password> Logs you in.
/online /online <password> Verifies your account with Mojang servers to enable auto-login. (See Migration Warning below)
/directauth /directauth online <user> <bool> Admin command to manually toggle a player's online status.

Data Migration (Important)

DirectAuth includes a migration system for players switching from Offline (Cracked) to Online mode. Since enabling Online Mode changes your player UUID, this mod attempts to move your data to the new UUID automatically.

Warning: By default, only vanilla data is migrated (Inventory, Ender Chest, Advancements, Statistics). If your server uses other mods that save player data (e.g., Curios, FTB Teams, Astral Sorcery), the server administrator must add those folder names to the foldersToMigrate list in world/serverconfig/directauth-config.json before running the command. Always backup your world before performing migrations.

Technical Details

Architecture

DirectAuth uses SQLite for data storage, located at world/serverconfig/directauth.db. It does not require an external database server.

Security

  • Hashing: PBKDF2WithHmacSHA256 with unique salts per user.
  • Session Management: Sessions are validated against the internal database and Mojang's session servers (for online users).
  • Protection: The login listener is injected at high priority to prevent unauthorized packet processing.

Compatibility

  • Loader: NeoForge 1.21.1
  • Side: Server-side only.
  • Modpacks: Can be included in any modpack.

Configuration

The configuration file is located at world/serverconfig/directauth-config.json. You can customize:

  • Password length limits.
  • Login timeouts and cooldowns.
  • Specific player restrictions (chat, movement, health regen).
  • Folders to include in the data migration process.
  • Language.

Source Code & Issues GitHub Repository | Report Issues

The DirectAuth Team

profile avatar
marcp_dev
Owner
  • 1
    Projects
  • 1.4K
    Downloads