astra137 / node-mojang

Unofficial Node.js library for Mojang's HTTP APIs
MIT License

Update authentication function #32

Open PretendingToCode opened 4 years ago

PretendingToCode commented 4 years ago

Although the current authentication method in place for this library returns a session, it is a game session. Tokens generated from this type of authentication cannot be used with the online API. Instead, use the following format:

    https://authserver.mojang.com/authenticate
    POST
    Header: Content-Type: application/json
    Body:
    {
      "captcha": "string: captcha key",
      "captchaSupported": "InvisibleReCAPTCHA",
      "password": "user password",
      "requestUser": true,
      "username": "user email"
    }

Where 'captcha' is an invisible ReCAPTCHA key. Assets and POST request data can be found on the minecraft.net login page using the Chrome debugger.

astra137 commented 3 years ago

I am fairly confident that this cannot be done in the context of Node.js, since ReCAPTCHA is designed to work in a browser with a human present.

In my experiments, it is possible to get a website session to work without the captcha, by first making a call to the user/security/location endpoint, then authenticating without specifying an agent. It only sometimes worked. I might do more research to see if I can find a reliable way to access the private user APIs.

PretendingToCode commented 3 years ago

That's interesting, works exactly as you described it. After a few uses the token becomes invalid, but I noticed that sending a request to that endpoint again will "refresh" the token and make it work for a short amount of time.