Port to MinecraftAuth

bootstrap/mod/fabric/build.gradle.kts

@@ -25,7 +25,7 @@ dependencies {
     shadow(libs.protocol.connection) { isTransitive = false }
     shadow(libs.protocol.common) { isTransitive = false }
     shadow(libs.protocol.codec) { isTransitive = false }
-    shadow(libs.mcauthlib) { isTransitive = false }
+    shadow(libs.minecraftauth) { isTransitive = false }
     shadow(libs.raknet) { isTransitive = false }
 
     // Consequences of shading + relocating mcauthlib: shadow/relocate mcpl!

core/build.gradle.kts

@@ -25,11 +25,10 @@ dependencies {
 
     api(libs.bundles.protocol)
 
-    api(libs.mcauthlib)
+    api(libs.minecraftauth)
     api(libs.mcprotocollib) {
         exclude("io.netty", "netty-all")
-        exclude("com.github.GeyserMC", "packetlib")
-        exclude("com.github.GeyserMC", "mcauthlib")
+        exclude("net.raphimc", "MinecraftAuth")
     }
 
     implementation(libs.raknet) {

core/src/main/java/org/geysermc/geyser/Constants.java

@@ -39,7 +39,9 @@ public final class Constants {
     public static final String GEYSER_DOWNLOAD_LOCATION = "https://geysermc.org/download";
     public static final String UPDATE_PERMISSION = "geyser.update";
 
+    @Deprecated
     static final String SAVED_REFRESH_TOKEN_FILE = "saved-refresh-tokens.json";
+    static final String SAVED_AUTH_CHAINS_FILE = "saved-auth-chains.json";
 
     public static final String GEYSER_CUSTOM_NAMESPACE = "geyser_custom";
 
@@ -54,4 +56,4 @@ public final class Constants {
         }
         GLOBAL_API_WS_URI = wsUri;
     }
-}
+}

core/src/main/java/org/geysermc/geyser/GeyserImpl.java

@@ -29,6 +29,7 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.Gson;
 import io.netty.channel.epoll.Epoll;
 import io.netty.util.NettyRuntime;
 import io.netty.util.concurrent.DefaultThreadFactory;
@@ -38,6 +39,8 @@
 import lombok.Setter;
 import net.kyori.adventure.text.Component;
 import net.kyori.adventure.text.format.NamedTextColor;
+import net.raphimc.minecraftauth.step.java.session.StepFullJavaSession;
+import net.raphimc.minecraftauth.step.msa.StepMsaToken;
 import org.checkerframework.checker.nullness.qual.MonotonicNonNull;
 import org.checkerframework.checker.nullness.qual.NonNull;
 import org.checkerframework.checker.nullness.qual.Nullable;
@@ -93,6 +96,7 @@
 import org.geysermc.geyser.util.CooldownUtils;
 import org.geysermc.geyser.util.DimensionUtils;
 import org.geysermc.geyser.util.Metrics;
+import org.geysermc.geyser.util.MinecraftAuthLogger;
 import org.geysermc.geyser.util.NewsHandler;
 import org.geysermc.geyser.util.VersionCheckUtils;
 import org.geysermc.geyser.util.WebUtils;
@@ -179,7 +183,7 @@ public class GeyserImpl implements GeyserApi {
 
     private PendingMicrosoftAuthentication pendingMicrosoftAuthentication;
     @Getter(AccessLevel.NONE)
-    private Map<String, String> savedRefreshTokens;
+    private Map<String, String> savedAuthChains;
 
     @Getter
     private static GeyserImpl instance;
@@ -552,37 +556,84 @@ private void startInstance() {
 
         if (config.getRemote().authType() == AuthType.ONLINE) {
             // May be written/read to on multiple threads from each GeyserSession as well as writing the config
-            savedRefreshTokens = new ConcurrentHashMap<>();
+            savedAuthChains = new ConcurrentHashMap<>();
 
-            File tokensFile = bootstrap.getSavedUserLoginsFolder().resolve(Constants.SAVED_REFRESH_TOKEN_FILE).toFile();
-            if (tokensFile.exists()) {
+            // TODO Remove after a while - just a migration help
+            //noinspection deprecation
+            File refreshTokensFile = bootstrap.getSavedUserLoginsFolder().resolve(Constants.SAVED_REFRESH_TOKEN_FILE).toFile();
+            if (refreshTokensFile.exists()) {
+                logger.info("Migrating refresh tokens to auth chains...");
+                TypeReference<Map<String, String>> type = new TypeReference<>() { };
+                Map<String, String> refreshTokens = null;
+                try {
+                    refreshTokens = JSON_MAPPER.readValue(refreshTokensFile, type);
+                } catch (IOException e) {
+                    // ignored - we'll just delete this file :))
+                }
+
+                if (refreshTokens != null) {
+                    List<String> validUsers = config.getSavedUserLogins();
+                    final Gson gson = new Gson();
+                    for (Map.Entry<String, String> entry : refreshTokens.entrySet()) {
+                        String user = entry.getKey();
+                        if (!validUsers.contains(user)) {
+                            continue;
+                        }
+
+                        // Migrate refresh tokens to auth chains
+                        try {
+                            StepFullJavaSession javaSession = PendingMicrosoftAuthentication.AUTH_FLOW.apply(false, 10);
+                            StepFullJavaSession.FullJavaSession fullJavaSession = javaSession.getFromInput(
+                                MinecraftAuthLogger.INSTANCE,
+                                PendingMicrosoftAuthentication.AUTH_CLIENT,
+                                new StepMsaToken.RefreshToken(entry.getValue())
+                            );
+
+                            String authChain = gson.toJson(javaSession.toJson(fullJavaSession));
+                            savedAuthChains.put(user, authChain);
+                        } catch (Exception e) {
+                            GeyserImpl.getInstance().getLogger().warning("Could not migrate " + entry.getKey() + " to an auth chain! " +
+                                "They will need to sign in the next time they join Geyser.");
+                        }
+
+                        // Ensure the new additions are written to the file
+                        scheduleAuthChainsWrite();
+                    }
+                }
+
+                // Finally: Delete it. Goodbye!
+                refreshTokensFile.delete();
+            }
+
+            File authChainsFile = bootstrap.getSavedUserLoginsFolder().resolve(Constants.SAVED_AUTH_CHAINS_FILE).toFile();
+            if (authChainsFile.exists()) {
                 TypeReference<Map<String, String>> type = new TypeReference<>() { };
 
-                Map<String, String> refreshTokenFile = null;
+                Map<String, String> authChainFile = null;
                 try {
-                    refreshTokenFile = JSON_MAPPER.readValue(tokensFile, type);
+                    authChainFile = JSON_MAPPER.readValue(authChainsFile, type);
                 } catch (IOException e) {
                     logger.error("Cannot load saved user tokens!", e);
                 }
-                if (refreshTokenFile != null) {
+                if (authChainFile != null) {
                     List<String> validUsers = config.getSavedUserLogins();
                     boolean doWrite = false;
-                    for (Map.Entry<String, String> entry : refreshTokenFile.entrySet()) {
+                    for (Map.Entry<String, String> entry : authChainFile.entrySet()) {
                         String user = entry.getKey();
                         if (!validUsers.contains(user)) {
                             // Perform a write to this file to purge the now-unused name
                             doWrite = true;
                             continue;
                         }
-                        savedRefreshTokens.put(user, entry.getValue());
+                        savedAuthChains.put(user, entry.getValue());
                     }
                     if (doWrite) {
-                        scheduleRefreshTokensWrite();
+                        scheduleAuthChainsWrite();
                     }
                 }
             }
         } else {
-            savedRefreshTokens = null;
+            savedAuthChains = null;
         }
 
         newsHandler.handleNews(null, NewsItemAction.ON_SERVER_STARTED);
@@ -829,20 +880,20 @@ public WorldManager getWorldManager() {
     }
 
     @Nullable
-    public String refreshTokenFor(@NonNull String bedrockName) {
-        return savedRefreshTokens.get(bedrockName);
+    public String authChainFor(@NonNull String bedrockName) {
+        return savedAuthChains.get(bedrockName);
     }
 
-    public void saveRefreshToken(@NonNull String bedrockName, @NonNull String refreshToken) {
+    public void saveAuthChain(@NonNull String bedrockName, @NonNull String authChain) {
         if (!getConfig().getSavedUserLogins().contains(bedrockName)) {
             // Do not save this login
             return;
         }
 
         // We can safely overwrite old instances because MsaAuthenticationService#getLoginResponseFromRefreshToken
         // refreshes the token for us
-        if (!Objects.equals(refreshToken, savedRefreshTokens.put(bedrockName, refreshToken))) {
-            scheduleRefreshTokensWrite();
+        if (!Objects.equals(authChain, savedAuthChains.put(bedrockName, authChain))) {
+            scheduleAuthChainsWrite();
         }
     }
 
@@ -852,15 +903,15 @@ private <T> void runIfNonNull(T nullable, Consumer<T> consumer) {
         }
     }
 
-    private void scheduleRefreshTokensWrite() {
+    private void scheduleAuthChainsWrite() {
         scheduledThread.execute(() -> {
             // Ensure all writes are handled on the same thread
-            File savedTokens = getBootstrap().getSavedUserLoginsFolder().resolve(Constants.SAVED_REFRESH_TOKEN_FILE).toFile();
+            File savedAuthChains = getBootstrap().getSavedUserLoginsFolder().resolve(Constants.SAVED_AUTH_CHAINS_FILE).toFile();
             TypeReference<Map<String, String>> type = new TypeReference<>() { };
-            try (FileWriter writer = new FileWriter(savedTokens)) {
+            try (FileWriter writer = new FileWriter(savedAuthChains)) {
                 JSON_MAPPER.writerFor(type)
                         .withDefaultPrettyPrinter()
-                        .writeValue(writer, savedRefreshTokens);
+                        .writeValue(writer, this.savedAuthChains);
             } catch (IOException e) {
                 getLogger().error("Unable to write saved refresh tokens!", e);
             }

core/src/main/java/org/geysermc/geyser/item/type/PlayerHeadItem.java

@@ -25,7 +25,7 @@
 
 package org.geysermc.geyser.item.type;
 
-import com.github.steveice10.mc.auth.data.GameProfile;
+import org.geysermc.mcprotocollib.auth.GameProfile;
 import org.checkerframework.checker.nullness.qual.NonNull;
 import org.geysermc.geyser.level.block.type.Block;
 import org.geysermc.geyser.session.GeyserSession;

core/src/main/java/org/geysermc/geyser/level/block/type/SkullBlock.java

@@ -25,7 +25,7 @@
 
 package org.geysermc.geyser.level.block.type;
 
-import com.github.steveice10.mc.auth.data.GameProfile;
+import org.geysermc.mcprotocollib.auth.GameProfile;
 import org.cloudburstmc.math.vector.Vector3i;
 import org.cloudburstmc.nbt.NbtMap;
 import org.cloudburstmc.nbt.NbtMapBuilder;

core/src/main/java/org/geysermc/geyser/network/UpstreamPacketHandler.java

@@ -274,10 +274,10 @@ public PacketSignal handle(ModalFormResponsePacket packet) {
 
     private boolean couldLoginUserByName(String bedrockUsername) {
         if (geyser.getConfig().getSavedUserLogins().contains(bedrockUsername)) {
-            String refreshToken = geyser.refreshTokenFor(bedrockUsername);
-            if (refreshToken != null) {
+            String authChain = geyser.authChainFor(bedrockUsername);
+            if (authChain != null) {
                 geyser.getLogger().info(GeyserLocale.getLocaleStringLog("geyser.auth.stored_credentials", session.getAuthData().name()));
-                session.authenticateWithRefreshToken(refreshToken);
+                session.authenticateWithAuthChain(authChain);
                 return true;
             }
         }