search

dscalzi / HeliosLauncher

☀ Custom launcher for modded minecraft written in Electron and Node.js
MIT License
847 stars 1.75k forks source link

Users randomly affected by 'Failed to Verify Username' #22

Closed dscalzi closed 5 years ago

dscalzi commented 5 years ago

Random users have been affected by an issue preventing them from connecting to the server. Any attempts to connect are rejected with the reason 'Failed to verify username'.

Temporary Workaround Log out of your accounts, then relog in.

Why this works: The issue seems to be related to the clientToken, as of v1.5.1 the clientToken will be reset when all accounts are removed.

This issue randomly affects users so our authentication methods do seem to work, however occasionally something goes wrong. Our authentication strategy follows the guidelines laid out on wiki.vg.

  1. Send first auth request without a clientToken. (ie. if current client token is null)
    • Save the clientToken generated by Mojang's server and use this for all subsequent requests.
  2. That's it.

This issue can be manuallt invoked by by sending the incorrect --username argument to the game. As a result, the following has been verifications have been made.

As was mentioned earlier, the only thing that fixes the issue is submitting a request with a new clientToken. This leads me to believe that something with the clientToken is somehow causing issues with the returned accessToken. AFAIK, there is no way to detect this error before launching the game. Any issues witht he actual accessToken results in an "Invalid session" error.

Other launchers seem to just use the authlib, and we really aren't doing anything that differently. I've only given other code quick looks, but I honestly see no reason for this issue to happen. At this point, I'm nearly convinced there's some undocumented behavior that we aren't following exactly, Issues are not random, though. There must be some reason select clientTokens randomly fail.

Looking for some insight on this, as debugging it is largely speculative since I have never personally had the issue and we are literally following the documentation (and it usually works).

dscalzi commented 5 years ago

Turns out this happened only when fullscreen was enabled. We passed --fullscreen directly before the --username flag. Since there was no followup value to the fullscreen flag, --username was being ignored as a flag and being treated as the value to the fullscreen arg.

https://forum.westeroscraft.com/threads/failed-to-verify-username.1390/page-2#post-8164

Fixed by https://github.com/WesterosCraftCode/ElectronLauncher/commit/c834ca971abae6363c7c431e3a6516b9300a01fd