Open sammko opened 3 years ago
The plans of Mojang to release a solution for 3rd party launchers are, as far as i can tell, dead. The wording on the FAQ page has changed from Wait for further information to " Build and use third-party launchers at your own risk". MultiMC discord also has some information supporting this.
Will still probably wait to see how MultiMC does it, but it is likely that a proper solution will require backend infrastructure to hold the MSA private key. (Or abuse the infra that the official launcher uses, but that is probably a bad idea)
Idea: add an option for pulling the accessToken from the vanilla launcher. I think it can then be refreshed normally? This would require the user to login once using the vanilla launcher. It might be an okay compromise before implementing a proper solution.
Hi, are there any plans on implementing new login system into picomc in nerby feature?
Sorry, no concrete timeline at this point
I did some research, we can use the device code flow, which seems the easiest to implement (no need to listen for a redirect callback) and also does not require use of the client_secret
. The process would be as follows:
picomc account authenticate <name>
. This would give the user a link, currently https://www.microsoft.com/link and the code to enter there.picomc
can either periodically check the /token
endpoint to see if the user has finished the flow, or just wait until the user confirms in the CLI that picomc
can continue the flow. This returns an access_token
and a refresh_token
. The access_token
is only valid for a short time (1 hour?), so the refresh_token
needs to be stored to be able to get a new pair.access_token
is used to get an XBL tokenThis flow doesn't require the Microsoft account to actually own the game, we can check that separately to warn the user.
I wanted to rewrite the account handling code first though, it's not very nice. I would like to have a look at this in the somewhat near future. I've just migrated my own account to be able to test this, so that's some motivation.
So it's in master now. A question which remains is whether storing the refresh_token
on disk in plaintext is a good idea. It can be used at any time to acquire a valid access_token
for the microsoft account to the given scopes (XboxLive.signin
)
FWIW MultiMC does store the refresh_token
on disk.
Support in picomc play
should be added.
Is this issue related to not being able to chat in 1.19.1+ or should I create a new issue for that?
Have you used the prototypepicomc account create --ms accountName
functionality to log in? accountName can be anything, it's just for picomc to refer to the account.
Yes, I did. Everything else works fine, just chat encryption seems to not get initialised properly. To be fair, Vanilla also has a couple bugs with that, but those usually get resolved by restarting the game. PojavLauncher (on Android) has the same issue as picomc. I'm using picomc play
, would picomc instance launch
work? I can test that probably in ~1½ days, as well as giving you the exact error message, if you need it.
Did a quick test, don't seem to have any issues. After creating the account, you also need to authenticate it, using picomc account authenticate accountName
. This will give you a device code and a link to the microsoft device auth flow. Chat should work after that.
It's a bit rough around the edges and that's why this issue is still open.
"Chat disabled due to missing profile public key. Please try reconnecting.
"
And yes, I went through that procedure, otherwise I wouldn't be able to connect to the server anyway.
https://www.minecraft.net/en-us/article/java-edition-moving-house. Currently waiting for technical details, closely watching any development over at MultiMC.