❔ Log into minecraft with xbox/microsoft api
I was wondering how to authenticate a Minecraft account with Microsofts new account system and if there's a NUget package that could help
22 Replies
Thanks
I'm here on the wiki: https://wiki.vg/Microsoft_Authentication_Scheme I created an application with microsoft azure but I have no idea what to do with this oauth2 authorization code flow
what kind of app are you building?
A launcher
well, as the article mentions, it's all predicated on the idea of browser redirects
so, if you're going to use code flow, you have to be able to launch a browser
AS WELL AS receive a callback
which means having an HTTP server, at least temporarily, as the article also mentions
otherwise, there's an alternative "device code flow"
both still require the user to visit Microsoft's website, in a browser, which is the core point of how OAuth works
users don't authenticate themselves to you, they authenticate themselves to Microsoft, or whoever the OAuth provider is
and then the provider confirms it for you
Is this why i need to make a azure app
yes
ahh
you have to tell Microsoft ahead of time that you intend to use its OAuth services for your app
A) that gives them some amount of traceability for who's using their shit
B) that makes you declare up-front what you're intending to use OAuth for, I.E. what permissions you need, which then gets passed on to the user for them to confirm whether it's okay
C) that gives them the ability to immediately revoke your ability to use the OAuth system, in the event of a security breach or something, in the form of revoking your API key
D) that gives you the same ability to "shut down" the app by revoking the API key
this thing:
yup
that's Microsoft's website
users give their password or whatever to Microsoft
never to you
ergo, they don't HAVE to trust that you're not doing anything nefarious with it, cause you never have the chance
so the app gets an access token in the end, is that what I receive in order to log the players in?
yes
you get an access token in response to their login
that access token allows you to access other Microsoft/Minecraft services, at least temporarily
in your case, perhaps the only thing you need is to identify the user
like, maybe call a GetUserInfo endpoint
or maybe you need to retrieve like a session token to pass to the game when you launch it
ye, how do I get the link for the OAuth that player put their credentials into
you'll have to check documentation
ideally, you'll retrieve it from Microsoft on the fly
k
thx
one of the standards for doing all of this is the OpenIDConnect protocol
that wiki.vg page tells you everything you need to know
for which, the URL you retrieve all the info from is
https://{oauth-provider-hostname}/.well-known/openid-configuration
Why are so many doing launchers nowadays? I see it all the time here.
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.