Closed Merith-TK closed 2 years ago
Why and how? GeyserConnect is designed to connect to multiple other servers.
floodgate
allows "linking" an java and bedrock account together through the Global Account Linking service that it comes with, allowing you to link your accounts in the web browser, and then just play through any geyserconnect instance without having to re-login on every single connection
Unfortunately that can't be used here. Floodgate just stores your Java username/UUID, and not the credentials that are required to authenticate to a given server. Thanks for the request anyway! We will have some other way to work around the password issues.
Oh... damn...
maybe, possibly creating a "linking" function that allows you to link bedrock accounts to a java account on the individual instance level, provided they have a database configured (not some plaintext json file)
Considering MultiMC is able to get your Java auth token stuff with just your Microsoft account, (if you have migrated) it might be possible to use the same method to get the java auth token on the geyser instance, accessible by only the associated Bedrock Account (through some kind of encryption salt where something about the bedrock account and the IP thats connecting to geyserConnect are part of the security code?
We haven't found a secure way to do that.
Why not have the Global Auth feature of Floodgate (through the official service only) be allowed access to the java auth token for Microsoft/Migrated accounts, where the user can "opt-in" to having floodgate do this when they link their accounts.
and when they "opt in" they are prompted to make a password, which is then combined with their bedrock-username/uuid, and used to allow they geyserConnect instance to connect them to the java server
This would still require manual intervention for authentication each time, but would be much easier for the user as they no longer will have to go to their browser and input a code, every. single. time. they join a server, which normally floods their email with "a new application has been authorized!" emails from microsoft
Essentially, centralize geyser-connects Floodgate authentication through Floodgate's "Global Auth" service
Heck no. We're not storing passwords like that. Maaaaybe we allow that on local instances, but I do NOT want to be in charge of storing sensitive information, even encrypted.
there is always the option of having floodgate's global auth on geyser-connect request the auth token each time and pass it to the local geyser each time, since the accounts are linked through microsoft (again, opt-in only with a heavy disclaimer)
The whole point is avoiding storing any sensitive information, period. Anything that's encrypted can be unencrypted. It's not a risk we want to take. No amount of disclaimer is gonna deter people from bothering us if something happens.
Floodgate support just isn't going to happen unfortunately. We would definitely want it if there was an easy, secure way of doing it, but it's just not possible. Security is a much higher priority and no debate or workarounds are going to change it.
So basically we gotta wait until Microsoft unifies their shit better?
as in title, I would like to have floodgate enabled!