Placeholder Default Image

xAuth v2.4.x
Authentication plugin for bukkit powered servers


xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.

News and Updates

Please checkout News and upcoming changes for news and update notices.


The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.

Permissions (READ ME)

This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".

In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.

Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.

This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System


  • Before registering/logging in, players can't:
    • Chat, execute commands, interact with objects (like levers or chests), move or pickup items
    • Break or place blocks
    • Receive or give damage, be targeted (followed) by hostile mobs
  • Inventory and location protection
  • In-depth setting and message configuration
  • Persistent login session through server restarts
  • Player name filter and password complexity configuration
  • Kick non-logged in (but registered) players after a configureable amount of time
  • Fine graded Permission System that also allows you to block interactions or commands
  • Permissions support (PermissionsEx, Bukkit, GroupManager)
  • Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
  • Custom, highly secure password hashing
  • Authenticate yourself with /login <password>
  • H2 / mySQL Database storage supported
  • Authentication over URL (AuthURL) allows for connection to forum or website databases
  • Auto-Updater (thanks to Gravity)


Checkout the News & Upcoming-Changes page for details.


The Wiki is located on github.
Please visit the http://bukkit.luricos.de/ress/icons/github_16.png Github Project-Page and click on Wiki


All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!

The old bukkit-thread can be found here

You must login to post a comment. Don't have an account? Register to get one!

  • Avatar of DrWurzeli DrWurzeli Aug 27, 2014 at 19:52 UTC - 0 likes

    Please push out an update, that fixes this weird error with the unsafe enchantments. They all get cleared (books, coloured items, ...) and if you have showInventory on true, people can not login while having items like those in their inventory. This never happened before. Please update! (Best without UUIDs)

  • Avatar of TheMuffinMon TheMuffinMon Jul 28, 2014 at 01:46 UTC - 0 likes

    oh god please tell me this isnt abandoned

  • Avatar of GoldenEagle1995 GoldenEagle1995 Jul 03, 2014 at 14:43 UTC - 0 likes

    if someone knows how to export authme reloaded db to xauth please let me know with a private message thanks.

  • Avatar of MrThibni MrThibni Jul 01, 2014 at 20:03 UTC - 0 likes

    Hi, can I change the colors of messages.yml to the formatting codes of minecraft?

  • Avatar of EDWIN3150 EDWIN3150 Jun 13, 2014 at 20:12 UTC - 1 like

    Could you add a feature to xAuth where it blocks BungeeCord commands without being logged in because players without being logged in can still do /server


  • Avatar of omgitsbob12 omgitsbob12 Jun 12, 2014 at 04:31 UTC - 0 likes

    @luricos: Go

    How would I do it manually, if you mean by copying and pasting, it would take a very long time because it has a couple hundred accounts.

  • Avatar of luricos luricos Jun 11, 2014 at 10:12 UTC - 0 likes

    @omgitsbob12: Go

    Yes, sqlite and mysql are not that different from each other in syntax.

    You would have to do this manually since xAuthImporter does not know the current database layout.

    If this is not urgent i recommend giving me some time to fix this so you can convert it via xAuthImporter.

  • Avatar of luricos luricos Jun 11, 2014 at 10:09 UTC - 0 likes

    Shit happened again :/ My system-drive died at thursday last week. Since i could not get a replacement in time and monday (9th) was holiday i need to find one this week. As soon as i can install the replacement you get a build.

    Current estimate is end of the week.

    @iChillings: Go

    The current version is not compatible with the latest RB since there are too many changes. I will try to get a working version out as soon as possible.

  • Avatar of iChillings iChillings Jun 08, 2014 at 21:35 UTC - 0 likes

    Dear plugin-owner(s),

    I love your plugin! I'm an happy user for 3 years, but since a few days, I get this weird and annoying error in my console (users can't login, so, my offline server won't work):

    [23:33:12] [Server thread/INFO]: iChillings issued server command: /login XXXmypasswordXXX
    [23:33:12] [Server thread/ERROR]: null
    org.bukkit.command.CommandException: Unhandled exception executing command 'login' in plugin xAuth v2.4.4
    	at org.bukkit.command.PluginCommand.execute(PluginCommand.java:46) ~[spigot.jar:git-Spigot-1463]
    	at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:180) ~[spigot.jar:git-Spigot-1463]
    	at org.bukkit.craftbukkit.v1_7_R3.CraftServer.dispatchCommand(CraftServer.java:728) ~[spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.PlayerConnection.handleCommand(PlayerConnection.java:985) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.PlayerConnection.a(PlayerConnection.java:830) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.PacketPlayInChat.a(PacketPlayInChat.java:28) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.PacketPlayInChat.handle(PacketPlayInChat.java:65) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.NetworkManager.a(NetworkManager.java:180) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.ServerConnection.c(ServerConnection.java:81) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.MinecraftServer.v(MinecraftServer.java:713) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.DedicatedServer.v(DedicatedServer.java:283) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.MinecraftServer.u(MinecraftServer.java:576) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.MinecraftServer.run(MinecraftServer.java:482) [spigot.jar:git-Spigot-1463]
    	at net.minecraft.server.v1_7_R3.ThreadServerApplication.run(SourceFile:628) [spigot.jar:git-Spigot-1463]
    Caused by: java.lang.NullPointerException
    	at de.luricos.bukkit.xAuth.PlayerDataHandler.buildItemStack(PlayerDataHandler.java:190) ~[?:?]
    	at de.luricos.bukkit.xAuth.PlayerDataHandler.restoreData(PlayerDataHandler.java:269) ~[?:?]
    	at de.luricos.bukkit.xAuth.PlayerManager.unprotect(PlayerManager.java:275) ~[?:?]
    	at de.luricos.bukkit.xAuth.PlayerManager.doLogin(PlayerManager.java:561) ~[?:?]
    	at de.luricos.bukkit.xAuth.commands.LoginCommand.onCommand(LoginCommand.java:65) ~[?:?]
    	at org.bukkit.command.PluginCommand.execute(PluginCommand.java:44) ~[spigot.jar:git-Spigot-1463]
    	... 13 more

    I hope you can help me!

    Sorry for my bad English, i'm Dutch.

    Last edited Jun 08, 2014 by iChillings


Date created
Jan 23, 2012
Last update
Oct 22, 2013
Development stage
  • enUS
GNU General Public License version 3 (GPLv3)
Curse link
Recent files



Optional dependency