Advertisement
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Potential Authentication System

Comments in 'General Discussion' started by Falk, Nov 6, 2014.

  1. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Yesterday I thought of a concept that could drastically improve authentication. Why not store the password in the server hostname? Obviously this exposes some potential issues, but I think I have an implementation idea which could hypothetically work and work well. Any suggestions or issues would be greatly appreciated.

    There will be three services involved in authentication:
    • the MCPE client
    • the PocketMine server (with a special plugin installed)
    • the Login MCPE server
    • and a central session server
    Concept breakdown
    The basic concept is that the player can sign up on a central website and then add MCPE clients via a web interface each which will get a unique hostname to add to their server list.

    When the player joins this server a few things happen. The server finds the account which the device belongs to. Then the server analyses the player username sent by MCPE. If it is different than the MCPE username in the records and the username isn't used by another player, then the records on the website will be updated.

    When the player joins a supported server, the server will contact the central authentication server with the username and IP. The central sever will look for open sessions with that name and IP and translate it into a UUID which will be returned to the PM server. The authentication plugin will expose methods for getting player UUIDs.

    Authentication modes
    I am leaning towards the implementation of two separate authentication "modes" which can be configured on the central website. The first will have you join your special server before you join a supported server. This might be preferable in some instances. The second is the fancy one, you join once to login and then you can join again to logout. Your login will be bound to your IP in the database, you will be logged on if your device logs in on another wifi network.


    I know @Dalton posted an authentication idea and it looks like I got this from there, but I thought about this on the way home before seeing his post.
  2. DovahDoVolom
    Offline

    DovahDoVolom Active Member

    Joined:
    Nov 29, 2013
    Posts:
    76
    Minecraft User:
    DovahDoVolom
    Will it allow for easy website integration? Like displaying a list of register players on a website. (displaying kills, joined count, and rank would be good too XD)
  3. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    This isn't like @Dalton's system, this is going to be a login synchronization system. I don't think it's the login systems job to log kills and stats. @Dalton's is a login system with a CTF plugin on top for logging kills and stuff.
    TonyDroidd likes this.
  4. codmadnesspro
    Offline

    codmadnesspro Notable Member Plugin Developer

    Joined:
    Sep 11, 2013
    Posts:
    551
    Plugins:
    1
    Minecraft User:
    Codmadnesspro
    Nice idea
  5. SpiderPig
    Offline

    SpiderPig Active Member

    Joined:
    Sep 21, 2013
    Posts:
    128
    Minecraft User:
    SpiderPig
    @Dalton 's System is exactly the same as this no logging
  6. TonyDroidd
    Offline

    TonyDroidd Active Member

    Joined:
    Sep 6, 2014
    Posts:
    180
    Minecraft User:
    TonyDroidd
    thats nice idea
  7. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,397
    Plugins:
    14
    Sounds like the one I made for my server. :p I wish I could submit it on the repository... SimpleAuth doesn't even work anymore.
    iJoshuaHD and TonyDroidd like this.
  8. TonyDroidd
    Offline

    TonyDroidd Active Member

    Joined:
    Sep 6, 2014
    Posts:
    180
    Minecraft User:
    TonyDroidd
    Share your plugin:p
  9. DovahDoVolom
    Offline

    DovahDoVolom Active Member

    Joined:
    Nov 29, 2013
    Posts:
    76
    Minecraft User:
    DovahDoVolom
    Yeah release the github page I would love to try it!
  10. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,397
    Plugins:
    14
    Dudes, I'm not trying to threadjack. The public release isn't quite done, anyway.
    Falk likes this.
  11. Dalton
    Offline

    Dalton Banned

    Joined:
    Jul 7, 2014
    Posts:
    38
    Minecraft User:
    DALTONTASTIC
    Just like it says on our homepage "There's nothing wrong with a little competition".
  12. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Nope, this system attempts to provide a UUID based system like Mojang does with Minecraft. My system will be an authentication and nothing beyond that, I don't want to create some business sceme, I just want to provide a stable authentication system. Also @Dalton is just suggesting to remake SimpleAuth but have it contact an external service, my concept is something which has never been suggested.
    LDX and iJoshuaHD like this.
  13. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    If you can't submit it on the repo then it's not the same thing, mine will be much more secure then any pre-existing system as servers never touch a password. It's a whole different kettle of fish :)
    LDX likes this.
  14. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    Just a note, I made this thread to get feedback and support. I am looking through all your comments and it is clear that not one of you has read the entirety of the thread. This wastes our time.
    PEMapModder, Dutok and iJoshuaHD like this.
  15. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,167
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    still hoping for mojang to implement their auth servers on mcpe.
    Dutok and LDX like this.
  16. DovahDoVolom
    Offline

    DovahDoVolom Active Member

    Joined:
    Nov 29, 2013
    Posts:
    76
    Minecraft User:
    DovahDoVolom
    I see one question in the thread. Go ahead and store where u want. As long as it does what it was made to do, create a user login, effectively and efficiently I'm good.
  17. Dalton
    Offline

    Dalton Banned

    Joined:
    Jul 7, 2014
    Posts:
    38
    Minecraft User:
    DALTONTASTIC
    I never said it was powered by SimpleAuth.. This program is being built from scratch.
  18. ProjectInfinity
    Offline

    ProjectInfinity Active Member Plugin Developer

    Joined:
    Sep 7, 2014
    Posts:
    112
    Plugins:
    3
    Minecraft User:
    ProjectInfinity
    @Falk So what you are saying is that in the end it all boils down to IP? Excuse me if I fail to see how this is better than a password system.
  19. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    For a number of reasons, the most prominent is that the password system we are using isn't safe so why go to all the trouble. This system will also expose a UUID system which will allow players to change their username whenever they want. Also, I hate to be technical but everything boils down to IP :)
    PEMapModder likes this.
  20. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,706
    Plugins:
    22
    Minecraft User:
    Falkirknh
    I am saying that your system will appease to be exactly the same as SimpleAuth to the end user.

Share This Page

Advertisement