yushijinhun / authlib-injector

Build your own Minecraft authentication system.
https://authlib-injector.yushi.moe
GNU Affero General Public License v3.0
755 stars 69 forks source link

Lookup skins by player name on "offline" servers #256

Open evan-goode opened 4 months ago

evan-goode commented 4 months ago

Moving this from https://github.com/elyby/accounts/issues/32.

We've had a number of PollyMC and Fjord Launcher users complain that skins are not visible when using an authlib-injector client with an online-mode=false server: https://github.com/fn2006/PollyMC/issues/107, https://github.com/fn2006/PollyMC/issues/58. The authlib-injector client does attempt to load player skins from the API server even on online-mode=false servers, but it requests them via the player's "offline UUID" (derived from the player's username), and authentication servers typically respond with a 204 No Content.

When on online-mode=false servers, could authlib-injector lookup player skins by player name, querying https://github.com/yushijinhun/authlib-injector/wiki/Yggdrasil-%E6%9C%8D%E5%8A%A1%E7%AB%AF%E6%8A%80%E6%9C%AF%E8%A7%84%E8%8C%83#%E6%8C%89%E5%90%8D%E7%A7%B0%E6%89%B9%E9%87%8F%E6%9F%A5%E8%AF%A2%E8%A7%92%E8%89%B2 to find the correct, online UUID and then fetching skins by that UUID?

This behavior could be gated behind a Java argument in case the user/launcher wants to turn it on or off.

I am happy to prepare a PR if desired.

Another approach to solve the problem is to modify each authentication server implementation to resolve offline UUIDs to the correct accounts. I have done this in Drasl: https://github.com/unmojang/drasl/commit/e8537ea54c1068ae10cef0aaf1ce821698c5d648. But this would mean every implementation has to do it themselves, and Ely.by has already said they'd rather the problem be solved in authlib-injector.

kuruaff commented 4 months ago

Check SkinsRestorer, You can correct the system for issuing a response to players with data of player's skins by replacing the skin url to own in the returned array

evan-goode commented 4 months ago

Yes, thanks, there are workarounds available. CustomSkinLoader should also be mentioned since it's clientside and thus can be used on a vanilla server. FabricTailor is also promising as a solution for Fabric servers, but currently does not support configuring a custom skin server, just Ely.by.

Still, I am curious about a fix in authlib-injector itself. A user might reasonably assume that clientside authlib-injector with Ely.by or Blessing Skin is sufficient to see player skins on vanilla online-mode=false servers.

authlib-injector already modifies the client to make skin requests even in online-mode=false servers [1], which the vanilla client does not do, so perhaps adding the additional step of player name -> UUID resolution is not too big a departure from vanilla behavior.

[1] Though this seems to not work in 1.21, I will investigate some more and file an issue.

kuruaff commented 4 months ago

but this feature realizable by own auth api (backend side), you can handle requests by server with "nickname regex" in url routing like you handle requests with uuid at this time

yige233 commented 4 months ago

The vanilla online client will not load any skin(including the player's own) when joining into an offline server. It might be a mistake of authlib-injector that making skin requests in offline servers, I think?

kuruaff commented 4 months ago

The vanilla online client will not load any skin(including the player's own) when joining into an offline server. It might be a mistake of authlib-injector that making skin requests in offline servers, I think?

server core also can patched by authlib and return player skins data to client is issue of server, when offline mode is enabled server also can send skins to client but need to use not usual methods like skinsrestorer plugin by default plugin send custom skins data by player name from official minecraft server, you can just replace url in plugin classes to your own api, but they dont supports via non patched client with custom skin url by security solution

i dont understand why you need to load skins on servers with offline mode enabled on the client, if this, in turn, does not guarantee that the player will not joined from any other client (vanilla or injected by another project)

anyway its not trouble of injector

tnqzh123 commented 4 months ago

I can't get your point.

What you said is, you have an authlib injected server, you have an authlib injected client, but you still set online-mode=false?

So why not just set online-mode=true and use your own authenticate server?

That's doesn't make sense that adding authlib-injector just for skins. Adding a client-side mod like CustomSkinLoader or adding a server-side plugin like SkinsRestorer is much easier than patch both server and client with authlib-injector. If your server provider doesn't provide custom server kernel, I don't believe they will let you set JVM arguments so you can add authlib-injector, and if your launcher doesn't support Forge or Fabric client, I don't believe it supports authenticate with custom Yggdrasil server.

yige233 commented 4 months ago

The vanilla online client will not load any skin(including the player's own) when joining into an offline server. It might be a mistake of authlib-injector that making skin requests in offline servers, I think?

server core also can patched by authlib and return player skins data to client is issue of server, when offline mode is enabled server also can send skins to client but need to use not usual methods like skinsrestorer plugin by default plugin send custom skins data by player name from official minecraft server, you can just replace url in plugin classes to your own api, but they dont supports via non patched client with custom skin url by security solution

i dont understand why you need to load skins on servers with offline mode enabled on the client, if this, in turn, does not guarantee that the player will not joined from any other client (vanilla or injected by another project)

anyway its not trouble of injector

Yes. Authlib-injector don't need to concern about how to load skin in offline servers, which should be resolved by other mods like custonSkinLoader.