DevAuth

Safely authenticate Minecraft accounts in development environments.

Minecraft Version Support

Versions	Module	Supported
1.14 - 1.21 Fabric	fabric	✅
1.8.9 - 1.12.2 Forge	forge-legacy	✅
1.14 - 1.21 Forge	forge-latest	✅
1.20.4 - 1.21 NeoForge	neoforge	✅

Note: If a version isn't listed above as supported, just try it. Additionally, the fabric module may work on other fabric-based loaders (such as legacy-fabric).

Usage

DevAuth can be used either by placing a jar in your mods folder or adding a maven dependency. Details about the two methods follow.

Jar

Download a DevAuth jar from the releases, place it in your mods folder and configure it using the configuration section below.

Maven Dependency

Add the DevAuth repository

repositories {
    maven { url = "https://pkgs.dev.azure.com/djtheredstoner/DevAuth/_packaging/public/maven/v1" }
}

Add the DevAuth dependency

dependencies {
    // moduleName is based on your mod loader and minecraft version, see the table above
    // version is the DevAuth version you are adding, check releases on GitHub or the badge above
    // With loom use the modRuntimeOnly configuration
    // With archloom and the forge-legacy module use the runtimeOnly configuration to avoid warnings
    // With ForgeGradle 5 or NeoGradle, use the runtimeOnly configuration
    // With ForgeGradle 2, use the implementation configuration as runtimeOnly appears to be broken
    modRuntimeOnly("me.djtheredstoner:DevAuth-${moduleName}:${version}")
}

You can now enable and configure DevAuth. See the next section for how to do this.

Configuration

DevAuth defaults to disabled, in order to be unobtrusive. You must enable DevAuth in order for it to log you in. Additionally, the configuration file will not be created if DevAuth is disabled. You should enable DevAuth once via the JVM property, so that it creates the configuration file, then you may configure it via the file.

DevAuth is configured through JVM properties and a configuration file. JVM Properties can set be by adding -D<propertyName>=<value> to your JVM arguments or by using System.setProperty before DevAuth is initialized (Fabric's preLaunch entrypoint for example). Additionally, your specific toolchain/gradle plugins may have specific ways to configure JVM properties.

JVM Properties

Property	Description	Default
devauth.enabled	Enables DevAuth	false
devauth.configDir	Selects the config directory	See below
devauth.account	Select the account to log into	none

Configuration File

The configuration file is called config.toml and is located in your DevAuth config folder.

Default config directory locations

OS	Default config directory
Windows	C:\Users\<user>\.devauth
MacOS	/Users/<user>/.devauth
Linux	$XDG_CONFIG_HOME/devauth, defaulting to ~/.config/devauth

Config file format

# Choose if DevAuth should be enabled default. Overriden by the devauth.enabled property.
defaultEnabled = true

# Choose which account to use when devauth.account property is not specified
defaultAccount = "main"

# A Microsoft account
# You do not need to put any credentials in the configuration file, as OAuth is used to sign in
[accounts.main]
type = "microsoft"

# A second account, which can be selected by changing defaultAccount above or using the devauth.account property
[accounts.alt]
type = "microsoft"

When the devauth.account property is specified it takes precedence over the defaultAccount config option.

A default config will be automatically created when DevAuth is first enabled.

How it works

When logging in with a microsoft account for the first time, you will be given a link to open in a browser to complete OAuth, after that the token will be stored in a file called microsoft_accounts.json in your config directory. Future logins will use and refresh the stored tokens as necessary. You will be prompted to go through OAuth again once your refresh token expires (most likely to occur after a long period without using DevAuth) or is revoked.

Security

DevAuth stores all credentials locally on your machine. The Microsoft account tokens are stored in microsoft_accounts.json inside the DevAuth configuration directory. The contents of this file are not encrypted, so do not share it or open it when it may be seen. If you want to revoke DevAuth's permissions or believe this file may have been compromised, DevAuth's permissions can be revoked here. Note that this does not immediately revoke all access tokens, due to design decisions by Microsoft. See here for more information.

Discord