yushijinhun / authlib-injector

Build your own Minecraft authentication system.
https://authlib-injector.yushi.moe
GNU Affero General Public License v3.0

Mojang's Yggdrasil service has changed its implementation; I just looked into it #58

Closed ChenhaoShen closed 5 years ago

ChenhaoShen commented 5 years ago
{
    "user": {
        "id": "6e08b120a8684fb689bba42bff4872ea"
    },
    "accessToken": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2ZTA4YjEyMGE4Njg0ZmI2ODliYmE0MmJmZjYwNDNlYSIsIm5iZiI6MTU3MTA2MTUyNSwieWdndCI6IjIwNzA2Mjk1ZDc4MjQ0ZjlhMmUwMmM4ZDgwMjYyMzM4Iiwic3ByIjoiMTNlMDVkZmY0ODIwNGEwMzk4MTI0MTkxZjI4NmM0MDQiLCJyb2xlcyI6W10sImlzcyI6ImludGVybmFsLWF1dGhlbnRpY2F0aW9uIiwiZXhwIjoxNTcxMjM0MzI1LCJpYXQiOjE1NzEwNjE1MjV9.vjmvRRO_yV_HkghafwwkNlFJTceqLETuN7x1IaXtzno",
    "clientToken": "",
    "availableProfiles": [
        {
            "name": "username",
            "id": "13e05dff42408a0399175191f286c404"
        }
    ],
    "selectedProfile": {
        "name": "username",
        "id": "13e05dff42408a0399175191f286c404"
    }
}

{
    "accessToken": "random access token",      // hexadecimal or 3 base64 strings separated by periods
    "clientToken": "client identifier",        // identical to the one received
    "availableProfiles": [                     // only present if the agent field was received
        {
            "agent": "minecraft",              // Presumably same value as before
            "id": "profile identifier",        // hexadecimal
            "name": "player name",
            "userId": "hex string",
            "createdAt": 1325376000000,        // Milliseconds since Jan 1 1970
            "legacyProfile": true or false,    // Present even when false
            "suspended": true or false,        // probably false
            "paid": true or false,             // probably true
            "migrated": true or false,         // Seems to be false even for migrated accounts...?  (https://bugs.mojang.com/browse/WEB-1461)
            "legacy": true or false            // Only appears in the response if true. Default to false.  Redundant to the newer legacyProfile...
        }
    ],
    "selectedProfile": {                       // only present if the agent field was received
        "id": "uuid without dashes",
        "name": "player name",
        "userId": "hex string",
        "createdAt": 1325376000000,
        "legacyProfile": true or false,
        "suspended": true or false,
        "paid": true or false,
        "migrated": true or false,
        "legacy": true or false
    },
    "user": {                                  // only present if requestUser was true in the request payload
        "id": "user identifier",               // hexadecimal
        "email": "user@email.example",         // Hashed(?) value for unmigrated accounts
        "username": "user@email.example",      // Regular name for unmigrated accounts, email for migrated ones
        "registerIp": "198.51.100.*",          // IP address with the last digit censored
        "migratedFrom": "minecraft.net",
        "migratedAt": 1420070400000,
        "registeredAt": 1325376000000,         // May be a few minutes earlier than createdAt for profile
        "passwordChangedAt": 1569888000000,
        "dateOfBirth": -2208988800000,
        "suspended": false,
        "blocked": false,
        "secured": true,
        "migrated": false,                     // Seems to be false even when migratedAt and migratedFrom are present...
        "emailVerified": true,
        "legacyUser": false,
        "verifiedByParent": false,
        "properties": [
            {
                "name": "preferredLanguage",   // might not be present for all accounts
                "value": "en"                  // Java locale format (https://docs.oracle.com/javase/8/docs/api/java/util/Locale.html#toString--)
            },
            {
                "name": "twitch_access_token", // only present if a twitch account is associated (see https://account.mojang.com/me/settings)
                "value": "twitch oauth token"  // OAuth 2.0 Token; alphanumerical; e.g. https://api.twitch.tv/kraken?oauth_token=[...]
                                               // the Twitch API is documented here: https://github.com/justintv/Twitch-API
            }
        ]
    }
}

The new version has far fewer fields, and access token (AT) generation has changed to JWT. 2019-10-14

The JWT algorithm is HS256; the payload contains:

{
  "sub": "6e08b120a8684fb689bba42bff4872ea", -- user ID
  "nbf": 1571061525, -- verification expiry time
  "yggt": "20706295d78244f9a2e01d9e80267339", -- judging by the abbreviation, possibly the yggdrasil token
  "spr": "13e05dff42408a0399175191f286c404",  -- by comparison, this is the character (profile) UUID
  "roles": [], -- various rules?
  "iss": "internal-authentication", -- issuer
  "exp": 1571234325, -- signature expiry time
  "iat": 1571061525  -- issued-at time
}
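The HS256 access token described in the post above, as an added example that is not part of the original comment or of authlib-injector's code: it shows that anyone can read the claims, while only a holder of the symmetric key can verify them. The signing key is a constructed assumption; the claim values are copied from the payload listing in the post.

```python
import base64
import hashlib
import hmac
import json

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign_hs256(claims, key):
    """Issuer side: build header.payload.signature with HMAC-SHA256."""
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "HS256"}) + "." + enc(claims)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def decode_unverified(token):
    """Anyone can read the claims; this proves nothing about authenticity."""
    header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(payload))

def verify_hs256(token, key, now):
    """Key holder only: pin alg, check the MAC, then the nbf/exp window."""
    header_seg, payload_seg, sig_seg = token.split(".")
    if json.loads(b64url_decode(header_seg)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (header_seg + "." + payload_seg).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_seg))
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("outside validity window")
    return claims

# Constructed key (assumption); claim values copied from the payload in the post.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CLAIMS = {
    "sub": "6e08b120a8684fb689bba42bff4872ea", "nbf": 1571061525,
    "yggt": "20706295d78244f9a2e01d9e80267339",
    "spr": "13e05dff42408a0399175191f286c404", "roles": [],
    "iss": "internal-authentication", "exp": 1571234325, "iat": 1571061525,
}
SAMPLE_TOKEN = sign_hs256(SAMPLE_CLAIMS, SAMPLE_KEY)
```

A third-party Yggdrasil implementation does not hold Mojang's key, so it issues and verifies tokens under its own secret and treats `decode_unverified` output as untrusted input.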
xfl03 commented 5 years ago

Here accessToken and clientToken are arbitrary strings; a UUID without hyphens or a JWT is recommended.

The relevant content has been updated.

ChenhaoShen commented 5 years ago

@xfl03 Going by the current format, how does the client obtain the character (profile) information?

xfl03 commented 5 years ago

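/authserver/authenticate is the endpoint used by the launcher; the client never touches the character (profile) information in it. In the vanilla flow, the server validates the user's join request and obtains the character information via /sessionserver/session/minecraft/hasJoined?username={username}&serverId={serverId}&ip={ip}, and then passes that content back to the client.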

ChenhaoShen commented 5 years ago

@xfl03 OK, thanks for the explanation.