xAuth
xAuth v2.6.x
Authentication plugin for bukkit powered servers
About
xAuth is a second-factor authentication plugin that can be used to secure player accounts on your server. As the plugin has been enhanced over time, the direction and main purpose have expanded to new possibilities. Let's say you run a community page. With xAuth, players can authenticate using their forum accounts or using a web-driven account management system. It is also possible to get the credentials from a foreign database.
Important Notice
Before upgrading please read xAuth Documentation (external link). I have added documenation to my Confluence instance that will be updated over time. Permissions Node changed! If you get "command is restricted" you most likely did not check the release log.
Further Instructions can be found there.
Concept
The basic idea of this protection plugin is allowing players to register an account based on their player name and a supplied password and optionally their email-address. When a registered player connects to the server, that player will be prompted to authenticate his or herself by logging in. If and only if a valid password is supplied, they will regain full control of their account until their session expires.
Permissions (READ ME)
This plugin has the ability to block almost any action (including command execution) for guests and registered xauth players. It also does not use negated permissions in order to not interfere with existing plugins. Permissions are "allowed" or "restricted".
Important-Note:
In order to restrict certain actions executed by registered xauth players you need to restrict them since xauth players are trusted. This is different from guests since the default for guests is always "restrict" if not set since a guest is an unknown state. Guest nodes can also only be set via configuration and have the last say even if you might have the right to execute any command.
Please keep in mind in order to block admin commands you need to restrict them via xauth.restrict.player.command.xauth.* or add each command to a group.
This might be confusing at first but has its cons since you always can see if a permission is restricted or allowed via permission node and not via bullet point. More details can be found on page Permission-System
Features
- Before registering/logging in, players can't:
- Chat, execute commands, interact with objects (like levers or chests), move or pickup items
- Break or place blocks
- Receive or give damage, be targeted (followed) by hostile mobs
- Inventory and location protection
- Command TabCompletion including Configuration Node Browser!
- In-depth setting and message configuration
- Persistent login session through server restarts
- Player name filter and password complexity configuration
- Kick non-logged in (but registered) players after a configureable amount of time
- Fine graded Permission System that also allows you to block interactions or commands
- Permissions support (PermissionsEx, Bukkit, GroupManager)
- Kick or temporarily lockout the IP address of a player who fials to log in after a configureable amount of tries
- Custom, highly secure password hashing
- Authenticate yourself with /login <password>
- H2 / mySQL Database storage supported
- Authentication over URL (AuthURL) allows for connection to forum or website databases
- Auto-Updater (thanks to Gravity)
News
Checkout the News & Upcoming-Changes page for details.
Wiki
The Wiki is located on github.
Please visit the Github Project-Page and click on Wiki
Credits
All credits goes to CypherX from bukkit forums who created this plugin. Thanks for your work and long time support!
The old bukkit-thread can be found here
Contact
If you need help regarding the plugin please use the Issue Link in the navigation bar or contact me via private message.
Since i saw a comment from 28.04. this year i would like to give a short status update. Im working on WormholeXTreme at the moment. After release i will work again on this plugin.
version 1.12.2?
All work for my mods, but dont work permissions for commands /login /register any way...
permissions:
- xauth.allow.*
- xauth.*
- xauth.guest.allow.command.pre.register
- guest.allow.command.pre.register
- xauth.allow.*
- guest.allow.*
- guest.allow.command.pre.*
- xauth.allow.player.command.*
- guest.allow.command.pre.register
- xauth.register
- xauth.guest.allow.command.register
- xauth.allow.command.register
can you give me open code, or solve this problem?
In reply to RealPlayTV:
I need to update this plugin first before it can be installed on anything later than 1.7.x
In reply to LycanDev:
I need plugin for 1.7.10 and plugin working for my mod (block user without crash), but I cant receive permission to /login /register
In reply to RealPlayTV:
Help me Please.
As active and give permissions in minecraft
Todays update: I have created a design for my website. It will give you a better overview about whats going on and let you know what issues im about to resolve.
Furthermore i cleaned up jira users since my plan is to let issues come in via servicedesk and create tickets from real issues in development project on jira. Everything else .. questions, support and super cool ideas you might have are visible in servicedesk.
You can still sign up via jira but creating a ticket in my development project will not be possible but you can watch them and see whats going on ;) I believe this will help me working on specific issues rather than seeing more and more tickets coming in ;)
Next step will be creating the portal website from design.
Hi there and happy new year! Im currently working on updating / creating a propper support chain.
Currently the following is done:
* Nexus Repository 3 OSS up and running providing access to published plugins as a dependency in your maven projects (if needed). Keep in mind you should always download the plugin from this dev.bukkit.org.
* Jira updated to latest version
* Confluence updated to latest version (for documentation)
Todo:
* Setting up ServiceDesk as support chain.
Jira is still open to checkout what im working on but creating issues will be transfered to ServiceDesk so you dont have to worry about creating the right issue or giving a good title. ServiceDesk also comes with a portal which in my opinion is better suited for support since you can go through a menu of preset items which directs you to the right place and all you have to worry about is "Write your text"
* Releasing the plugin for latest bukkit build.
Take care. See you soon.
For what version of minecraft server does this plugin work?
Is possible to make users need to be registered to a forum before being able to play in the server?!
Also is this working for 1.12.2?
In reply to DkOnlineGameplays:
Is this works for 1.8.9?
In reply to Invernoo:
not yet. Will come back to it though. Lot has changed over the years.
@luricos
It's been months. Still no new update
@luricos
Any news on a update, I have a auth plugin but I still looking around for one, yours says the user can register and set up via a website, this is what I want then users login via the game no register in game so I can manage my user base online without a problem.
im currently updating my development environment and will bring out a compatible version.
almost everyone is now in java 8 and this was/is the best auth plugin for bukkit/spigot, u.u i tried by myself to fix the permission issue in java 8 but i failed :C but is normal because i only know the basic of java, authme cause lag spikes and lag when a player join, but back in time when i was using xauth all was smoth and fast :D i dont want to this plugin die in the shadows like a lot of great plugins, anyways great work on keeping xauth alive
@games647
Unfortunately that doesn't seem to work, apparently only working for Java Versions under 7.
@XxDawnsusxX
https://github.com/WolfNetDevelopment/xAuth/wiki/Commands-and-Permissions
What are the permissions to add so players can register/login?