Integration with Ely.by

[erickskrauch]

Goal

Be able to log in to your Ely.by account directly from the accounts manager. Using an account automatically installs the Ely.by skin system patch.

Motivation

To make it easier for players to use skins from Ely.by. Users will not have the hassle of finding information about the required values for authlib injector in the documentation. They also will be able to securely log into accounts with two-factor authentication enabled.

Specification

I suggest:

1. Add a "Sign in with Ely.by" button to the accounts manager.
2. This button will initiate authorization via OAuth 2.0 protocol through the Account Ely.by service (docs). Authorizing the desktop application will require launching a browser and starting a local web server that will handle the redirect after authorization is complete. I commit myself to actively supporting every aspect of the implementation of this process.
3. After authorization is complete, the user account with the access token will be added to the db of the launcher.

4. When launching the game with Ely.by account, there are 2 possible scenarios:

   • The Authlib will be replaced with Ely.by's modified version. It is available for download here. We can discuss the direct downloading channel later.
   • Configuration for authlib-injector will be automatically substituted and the game will be launched through it.

   I insisted on the first scenario since our Authlib modification has built-in data caching, which offloads our servers.

Drawbacks

• The implementation of this module will require further support.
• Users can ask you questions about problems with their Ely.by accounts.

Unresolved Questions

• Is it worth doing?

Alternatives Considered

Users can continue to use the authlib-injector. But authlib injector requires effort to use and doesn't support two-factor authorization if enabled on the user account.

This suggestion is unique

• [X] I have searched the issue tracker and did not find an issue describing my suggestion, especially not one that has been rejected.

You may use the editor below to elaborate further.

If we agree and the integration is implemented, I will be happy to place your launcher as a recommended one on the load page of the site.

[evan-goode]

(Disclaimer, I am not an official collaborator here)

Hey Erick o/

I like the idea of properly supporting Ely.by here, and I think it may be worth the effort. It's a shame that OAuth2 requires so much development complexity, but that's a criticism of the framework rather than Ely.by. You'd think it'd be straightfoward since Prism already supports OAuth2 in the form of Microsoft login...

My main question is: are Ely.by's modifications to authlib libre? I understand it's difficult to "open-source" a patched authlib since Mojang's is nonfree. But is there a way to patch a "Mojang authlib" into an "Ely.by authlib" using libre code? I would rather not have this launcher depend on any more proprietary components than absolutely necessary (the Minecraft client).

Just to throw this out there, a more conservative approach to better Ely.by support might be:

• PollyMC maintains our own libre fork of authlib-injector with built-in caching (and fix some other issues that I've been unable to get through to upstream [1] [2]).
• Add an "Add Ely.by" button next to the existing "Add authlib-injector" button and have a custom dialog for Ely.by accounts with a 2FA code field, like PollyMC pre-8.0.

A disadvantage is that this solution obviously wouldn't support additional 2FA methods that Ely.by may add in the future, e.g. passkeys. And there would be more fragmentation between authlib-injector, our fork of authlib-injector, and Ely.by's authlib.

Upon first impression, my ideal solution would be to have OAuth2 Ely.by support but use a modified authlib-injector rather than Ely.by's authlib.

[1] https://github.com/fn2006/PollyMC/issues/107#issuecomment-1807272998 [2] https://github.com/yushijinhun/authlib-injector/pull/229

[erickskrauch]

It's a shame that OAuth2 requires so much development complexity, but that's a criticism of the framework rather than Ely.by.

It's not hard for websites, but for desktop applications, it's really a challenge :(

are Ely.by's modifications to authlib libre?

Our Authlib modification also implements handling of the ely property (you can see it in the response here), which allows us to correctly handle texture overwrites from mods like SkinsRestorer.

We would like to make our Authlib modifications and builds publicly available, since most of the Ely.by is OpenSource, but it violates Mojang's rights. So you'll either have to trust that we're the good guys and don't do more than is necessary to support skins, or just use authlib-injector :)

Upon first impression, my ideal solution would be to have OAuth2 Ely.by support but use a modified authlib-injector rather than Ely.by's authlib.

Generally, I don't see a problem with using the version from the authlib-injector. Especially since the cache is also implemented there. It performs slightly worse than our Authlib in terms of interacting with the SkinsRestorer server plugin, but this only affects players on servers.