Is this legal?

[Snowiiii]

Hello. Im the Creator of Pumpkin, A custom Minecraft server written in Rust, Someone in our Discord asked us, If we could support custom authentication servers and a big discussion was made if this is against the EULA. I found the idea of having a custom auth server cool and just wrote an email to enforcement@mojang.com asking if custom authentication servers are legal. I just wanted to know what you know about that

[evan-goode]

Hi, I am not a lawyer and this is not legal advice, but I have argued in the past that playing Minecraft using custom authentication servers does not violate Minecraft's EULA, see https://github.com/PrismLauncher/PrismLauncher/pull/543. Some of the key points:

• Offline servers have always been supported by Mojang, allowing users to play Minecraft without Mojang's authentication servers (provided that they have already legally installed the game).
• The Minecraft client natively supports overriding the authentication server URLs
• There are many legitimate reasons to use custom authentication servers that are clearly not EULA-violating behaviors, such as programming bots.
• Whether custom authentication servers facilitate piracy entirely depends on what launcher is being used. If you use Fjord Launcher, the launcher I maintain and recommend, you'll find that you can't add a third-party account unless you first add a Microsoft account that owns the game.

Keep in mind that in general, the question of "is X legal" goes beyond the mere text of a EULA or the opinion of the company who wrote it. Like any contract, a EULA may or may not hold up in court, and it may be trumped or invalidated by local laws. I'd say that a judge in your jurisdiction is the only one who can answer your question with 100% certainty.

[Snowiiii]

Okay, I see. If your interested i can update you if i have any response from the Mojang team. Thank you

[Snowiiii]

Inquiry Regarding Custom Authentication Servers for Minecraft Server

enforcement@mojang.com

Thank you for your inquiry. To provide a complete and accurate response, additional information is required. The use of a Custom Authentication Server may or may not violate the Minecraft End User License Agreement (EULA), depending on several factors.

As long as you ensure that players are using legitimate Microsoft accounts and a valid copy of Minecraft, the use of a Custom Authentication Server may not be problematic. However, based on the information provided, it is difficult to give a definitive answer.

[evan-goode]

Thanks, that's about the reply I was expecting. This would be a good snippet to include in Drasl's README in case anyone is curious about EULA compliance. I'll keep this issue open to remind myself to do that.

As long as you ensure that players are using legitimate Microsoft accounts and a valid copy of Minecraft

Fjord Launcher fulfills this requirement, and Drasl also has an option to verify that a user owns Minecraft before allowing them to register an account (RequireSkinVerification).

In the "steelman" case, I doubt Mojang would have a problem with a single player or small group of friends (who all own the game) running a custom authentication server to play around with bots using e.g. Mineflayer. This use case was the original inspiration for Drasl. But I wonder what Mojang would think if a large network of commercial servers (think Hypixel) started requiring players to use a custom launcher and purchase a Hypixel account to log in. If someone wanted to set up something like that, I'd suggest they reach out to enforcement@mojang.com and ask them about their specific use case.

For us as developers, it sounds like the EULA does not prevent us from supporting custom authentication servers in our software since there are, as Mojang has said, legitimate use cases that do not violate the Minecraft EULA.

[Snowiiii]

I added the ability to change the URL in the configuration now, As far as my understanding goes this should be enough to support custom authentication for Drals or other Custom Auth Servers. Let me know if there is something i could improve integrating Custom Auth Servers: https://snowiiii.github.io/Pumpkin/developer/authentication.html#custom-authentication-server