feat: Add configurable authlib-injector API path and HTTP support for Yggdrasil auth#2963
Merged
milutinke merged 1 commit intoMCCTeam:masterfrom Mar 22, 2026
Merged
Conversation
milutinke
changed the title
…asil auth Re-implements the changes from PR MCCTeam#2890, adapted for the current codebase which uses System.Text.Json.Nodes and HttpClient instead of the legacy Json.JSONData and hand-rolled SslStream HTTP client. Changes: - Settings.cs: Convert AuthlibServer from struct to class with [TomlDoNotInlineObject]; convert Host to a property that parses 'host:port' syntax; add AuthlibInjectorAPIPath (default '/api/yggdrasil') for servers that use a different prefix (e.g. Drasl uses '/authlib-injector'); add UseHttps (default true) so local/dev auth servers without TLS work. - ConfigComments.resx: Add descriptive inline comments for the new AuthlibServer fields (Host, Port, AuthlibInjectorAPIPath, UseHttps). - ProtocolHandler.cs: Replace three hardcoded '/api/yggdrasil/...' paths with AuthlibInjectorAPIPath-based paths (authenticate, refresh, join). Replace hand-rolled TcpClient+SslStream HTTP in DoHTTPSRequest with HttpClient+SocketsHttpHandler (ConnectCallback routes through ProxyHandler). Add useHttps parameter so HTTP-only auth servers are supported. - KeyUtils.cs: Add AuthServerSupportsProfileKeys() that fetches the authlib-injector metadata endpoint and checks feature.enable_profile_key. Update GetNewProfileKeys() to skip key fetch when the auth server does not support profile keys; build the cert URL dynamically using AuthlibInjectorAPIPath for Yggdrasil; always fetch real certs instead of returning a dummy response. Remove MakeDummyResponse() which is no longer needed. Tested against a local Drasl instance with authlib-injector 1.2.7 on a 1.21.11 Minecraft server — full auth flow (login, profile key fetch, session join) confirmed working end-to-end. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
milutinke
force-pushed
the
authlib-injector-accounts
branch
from
966a7f9 to
ff9aa62
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Re-implements the changes from PR #2890 authored by @evan-goode , adapted for the current codebase which uses System.Text.Json.Nodes and HttpClient instead of the legacy Json.JSONData and hand-rolled SslStream HTTP client.
Changes:
Settings.cs: Convert AuthlibServer from struct to class with [TomlDoNotInlineObject]; convert Host to a property that parses 'host:port' syntax; add AuthlibInjectorAPIPath (default '/api/yggdrasil') for servers that use a different prefix (e.g. Drasl uses '/authlib-injector'); add UseHttps (default true) so local/dev auth servers without TLS work.
ConfigComments.resx: Add descriptive inline comments for the new AuthlibServer fields (Host, Port, AuthlibInjectorAPIPath, UseHttps).
ProtocolHandler.cs: Replace three hardcoded '/api/yggdrasil/...' paths with AuthlibInjectorAPIPath-based paths (authenticate, refresh, join). Replace hand-rolled TcpClient+SslStream HTTP in DoHTTPSRequest with HttpClient+SocketsHttpHandler (ConnectCallback routes through ProxyHandler). Add useHttps parameter so HTTP-only auth servers are supported.
KeyUtils.cs: Add AuthServerSupportsProfileKeys() that fetches the authlib-injector metadata endpoint and checks feature.enable_profile_key. Update GetNewProfileKeys() to skip key fetch when the auth server does not support profile keys; build the cert URL dynamically using AuthlibInjectorAPIPath for Yggdrasil; always fetch real certs instead of returning a dummy response. Remove MakeDummyResponse() which is no longer needed.
Tested against a local Drasl instance with authlib-injector 1.2.7 on a 1.21.11 Minecraft server — full auth flow (login, profile key fetch, session join) confirmed working end-to-end.