evan-goode
commented
4 days ago I can reproduce this, I think there might be a couple things going on here.
One is that it looks like authlib-injector clients are not always treating the Mojang skin as valid, which could be related to https://github.com/yushijinhun/authlib-injector/pull/229 and the fact that Mojang now has two separate public keys used for signing textures: https://api.minecraftservices.com/publickeys. But I'm not totally sure about that, I need to create a reproducer.
The more actionable issue is that Mojang heavily rate-limits requests to https://api.mojang.com/profiles/minecraft and this is breaking fallback requests on that route. We need to rework how these requests are cached, and cache responses per playername per fallback server instead of per request. i.e, POST ["notch", "herobrine"] then POST ["notch"] should not result in an additional request, since notch's UUID should already be cached. And we need to add some kind of queue so that only one request is in progress to the fallback route at a time.
Even when skin forwarding is configured correctly player heads do not use a skin unless they are explicitly added to drasl. Normal Player models work fine. Their skins are forwarded correctly even if they don't have drasl accounts.