Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MCPE: Realms Authentication?

Comments in 'General Discussion' started by Jaydenb1321, Jan 28, 2015.

  1. Jaydenb1321
    Offline

    Jaydenb1321 New Member

    Joined:
    Aug 16, 2014
    Posts:
    45
    Minecraft User:
    ItzBulkDev
    From one of my previous posts, I proposed custom messages at any time from leaving the server other than client disconnect.

    No, I have a new proposal to the actual MCPE game! Now, I'm obviously not a super great coder like shogchip, but, if he could, it would be great to add a realms authentication. Since shogchip was assigned multiplayer functions, I believe it is in his jurisdiction to be able to add this.

    Here's how it works:
    1. Player signs in to Their Realms

    2. Player joins a server

    3. Player is greeted with a message saying he/she has logged in (Maybe implementing custom join messages)

    4. Player can PLAY!!

    Yes, this may cause SimpleAuth to stop, but this can make a worldwide authentication just like PC!!
  2. ProjectInfinity
    Offline

    ProjectInfinity Active Member Plugin Developer

    Joined:
    Sep 7, 2014
    Posts:
    112
    Plugins:
    3
    Minecraft User:
    ProjectInfinity
    SimpleAuth is the best way of doing authentication at the moment. The problem is the lack of uniqueness between each client.
    Jaydenb1321 likes this.
  3. Jaydenb1321
    Offline

    Jaydenb1321 New Member

    Joined:
    Aug 16, 2014
    Posts:
    45
    Minecraft User:
    ItzBulkDev
    i know that SimpleAuth is the way of authentication, but if you read it, it blanty says that this is a proposal meaning this should happen. Btw this reply wasn't made to be harmful
  4. ProjectInfinity
    Offline

    ProjectInfinity Active Member Plugin Developer

    Joined:
    Sep 7, 2014
    Posts:
    112
    Plugins:
    3
    Minecraft User:
    ProjectInfinity
    You have to realize that like I said there is a lack of uniqueness to each client. It is not really possible to tell them apart reliably, therefore this is not really possible.

    If someone managed to come up with something that was reliable and unique then we'd probably already be using that.

    edit: I don't think MCPE team was interested in a central authentication system?
    Jaydenb1321 likes this.
  5. Jaydenb1321
    Offline

    Jaydenb1321 New Member

    Joined:
    Aug 16, 2014
    Posts:
    45
    Minecraft User:
    ItzBulkDev
    Ahhhh... I understand. I guess if some players do not have a mojang account, then how would they login. Assuming that Realms Authentication is still wanted, servers can still use SimpleAuth for the players that don't have an account. Although this would be a pain to detect if they are logged in to realms to enable the SimpleAuth for the player, it would still be cool to have this feature. Many server owners can't pull a database out their butt, on top of that server owners (if they could even get a database) will have to send it to all a servers, or PocketMine could just add a default database for players who register, which would make it a lot easier.

    Sorry this is so long, lol
  6. Darunia18
    Offline

    Darunia18 Staff Member Sectional Moderator

    Joined:
    Aug 23, 2013
    Posts:
    755
    Plugins:
    2
    Minecraft User:
    Darunia18
    A few things to add that @ProjectInfinity already touched on, but I have a few words of my own to add in as well:
    1. Custom messages are officially a thing since Shoghi started working at Mojang last week (not sure if you were saying you were still wanting it or something. It'll be coming with 0.11.0).
    2. Currently, while you can log into Realms with the client, that is only to access the Realms server list. The account details are unreadable by the server, Pocket Edition Realms is offline at the moment, and I'm not sure if the button even works anymore or not.
    3. Realms used to be used as an authentication method for PocketMine servers, but Johan requested that Shoghi terminate the PocketMine Realms program. Shortly after, PE Realms was kind of discontinued anyways. In return for losing our PM Realms, Johan gave us the external button for adding servers.
    4. In relation to the last point, I believe that the PE team is not interested in an official authentication system for Pocket Edition. While they appreciate PocketMine and what it has done for the PE community, they don't really see it as a necessity. Mojang still doesn't necessarily support PM servers, so multiplayer-only features are usually put at the bottom of the list. With Shoghi on the team, maybe that will change, but I'm not exactly sure what he's working on for PE at Mojang. Also, Johan and Tommaso said in an interview about a year ago that since Pocket Edition's user base is, for the most part, younger children, they want Pocket Edition servers to comply with that somehow. For their own safety as a company, they can't just add external server support through an authentication system or a multiplayer tab like in the PC edition because they have no way to communicate with parents that their children may encounter some not-very-family-friendly material. While they can add some disclaimers to the game, everyone knows that most people don't read those, and there's always a chance that an overprotective parent can win in a lawsuit against Mojang. So, because there's no official MCPE server software, they don't feel it is necessary to put themselves on a limb for the sake of 3rd party software.

    To clarify, they don't have anything against PocketMine or Pocket Edition servers. If they did, they would have never hired Shoghi! They just have to take certain legal precautions. They have said that if we, as a community, can come up with a way to deal with some of those issues, they would be more than happy to support us more. But because of how the internet usually works, I'm not sure when, or if we will ever, see that day come to fruition.
    Legoboy0215 and iJoshuaHD like this.
  7. Elmo
    Offline

    Elmo Active Member

    Joined:
    May 9, 2014
    Posts:
    65
    Minecraft User:
    optrusty
    Please, you are ruining the changeable IGN reputation.
  8. Darunia18
    Offline

    Darunia18 Staff Member Sectional Moderator

    Joined:
    Aug 23, 2013
    Posts:
    755
    Plugins:
    2
    Minecraft User:
    Darunia18
    1. What's the "changeable IGN reputation"? and 2. How am I ruining it?
  9. Elmo
    Offline

    Elmo Active Member

    Joined:
    May 9, 2014
    Posts:
    65
    Minecraft User:
    optrusty
    Oh sorry I wasn't mentioning you
  10. Darunia18
    Offline

    Darunia18 Staff Member Sectional Moderator

    Joined:
    Aug 23, 2013
    Posts:
    755
    Plugins:
    2
    Minecraft User:
    Darunia18
    Oh I apologize XD I guess I misread. I probably saw my username above your quote and, for some odd reason, my brain saw it as you quoting me. My apologies :p
  11. BrandonTheMiner
    Offline

    BrandonTheMiner New Member

    Joined:
    Feb 3, 2015
    Posts:
    2
    Minecraft User:
    SenorContento
    I would like a central authentication system, but unless for example I figure out how to get mods to communicate with my server (which is a project I am looking at right now) for implementing its own unofficial auth system like SimpleAuth, but instead allows admin gui and gamemode change without crash, etc... on a server for a better mcpe, or if the server can see clientid (idk if it can) so no matter the ip address, the client(s) with the same id can auto auth, it cannot happen as far as I know. Those are just a few ideas I have had for single client auto auth. So if anyone could detect server ip using a mod (which I am trying to figure out how to do) or if the clientId wolves use to track owner can be read by the server, then maybe it could happen, but other than that, I have not figured out how to make the central auth idea happen yet.

    My last idea was to actually use a central server that is reliable to stay online to allow get requests for the username from the modded client and a participating server can send details on what users are on it to the central server, then have the mod read the server details from the predestined server and perform authentication using its own internal mechanisms and using get requests from the server details in a form like (&user=username&authkey=XXXXXXXXX&command=(authenticate or gamemode, etc...) using BlockLauncher and its web support to pull strings using a very convoluted workaround.

    If anyone has any better ideas, please post it and notify me. If I need to clean up this post or explain farther, please do the same.

    Thank you.
  12. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,306
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Someone who is well known around the community make a public MySQL database, then everyone connect to it. The only problem is just that letting the public use it may result in malicious actions, like someone deleting everything from the database.



    Something BitCoin inspires me:
    Someone with reputation makes a database, this database contains a list of IPs. People create their own MySQL servers on IPs listed on the database, then SimpleAuth distributions will use data from the listed servers. According to what BitCoin tells us, malicious activity should be slower than the honest activity, thus outpacing the bad data and letting the honest data go on.
    This is only for BitCoin though, because you need to spend a long time or a lot of resources to create malicious nodes on the bitcoin network, but only a click to destroy everything on this kind of network.
    xFlare likes this.
  13. Jaydenb1321
    Offline

    Jaydenb1321 New Member

    Joined:
    Aug 16, 2014
    Posts:
    45
    Minecraft User:
    ItzBulkDev
    I'm using my database for SimpleAuth in case someone deletes data from theirs. If there is a way to hide the password that would be Cool. If so, i could contribute my database
  14. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,707
    Plugins:
    22
    Minecraft User:
    Falkirknh
    @PEMapModder But the problem still stands that a malicious server owner could generate a list of user passwords and then login as them on other servers. The only way I can think to solve this is a big proxy server which could authenticate players and then redirect packets to the server they want to connect to. That isn't very practical though.
    PEMapModder likes this.
  15. jython234
    Offline

    jython234 Notable Member Plugin Developer

    Joined:
    Nov 4, 2013
    Posts:
    324
    Plugins:
    1
    Minecraft User:
    jython234
    I came up with an idea today, sort of based off of cydia repositories, which are based off of aptiude. Members of the community would run their own stand alone authentication servers, which could handle requests from PocketMine plugins requesting if a player can authenticate through that auth server. If not, the plugin can move to the next auth server in it's config. There would be a default "central" server, that could be run by a real popular server like lifeboat for example, but the server owner could add other community run servers for authentication. This way, only one person needs to register an account one one server, and it would work on (most) servers.
  16. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,306
    Plugins:
    11
    Minecraft User:
    PEMapModder
    Or, we can have a scheme where you compare the timestamps when two registrations of the same name registered. The smaller timestamp wins. But still, vulnerable for malicious servers because timestamps can be forged.
  17. Humerus
    Offline

    Humerus Staff Member Plugin Reviewer

    Joined:
    Aug 23, 2013
    Posts:
    114
    Plugins:
    1
    Truthfully, there are flaws in any authentication system (other than one that is built using sessions rather than user/passwords (like mcpc)). The system I developed a while ago implemented an indirect authentication method that used Google and married that account to a certain mcpe username. It seemed to work fairly well, but I stopped perusing it after hearing multiplayer sessions may be coming soon. Users never entered a password, and it seemed secure.

Share This Page

Advertisement