Skip to content

Instantly share code, notes, and snippets.

@Jckf

Jckf/Yggdrasil.php

Last active July 2, 2021 02:08
Show Gist options
  • Save Jckf/7872337 to your computer and use it in GitHub Desktop.
Save Jckf/7872337 to your computer and use it in GitHub Desktop.
Download ZIP
PHP library for Mojang's Yggdrasil authentication system.
Raw
Yggdrasil.php
<?php
class Yggdrasil {
private $server = 'https://authserver.mojang.com';
private $client_token = null;
private $username = null;
private $access_token = null;
// Construct a new instance for the given username, with optional client token and access token.
// Client token can be null, but this will invalidate all other sessions for this user once
// successfully authenticated.
public function Yggdrasil($username, $client_token = null, $access_token = null) {
$this->username = $username;
$this->client_token = $client_token;
$this->access_token = $access_token;
}
// Get/set the client token.
public function client_token($client_token = null) {
if ($client_token != null)
$this->client_token = $client_token;
return $this->client_token;
}
// Get/set the access token.
public function access_token($access_token = null) {
if ($access_token != null)
$this->access_token = $access_token;
return $this->access_token;
}
// Used internally to dispatch requests.
private function dispatch($uri, $data) {
return json_decode(
@file_get_contents(
$this->server . $uri,
false,
stream_context_create(array(
'http' => array(
'method' => 'POST',
'header' => 'Content-Type: application/json' . PHP_EOL,
'content' => json_encode($data)
)
))
),
true
);
}
// Get an access token.
// http://wiki.vg/Authentication#Authenticate
public function authenticate($password) {
$result = $this->dispatch('/authenticate', array(
'clientToken' => $this->client_token,
'agent' => array(
'name' => 'Minecraft',
'version' => 1
),
'username' => $this->username,
'password' => $password
));
$this->client_token = $result['clientToken'];
$this->access_token = $result['accessToken'];
return $result;
}
// Refresh an access token. Can also be used to validate an access token.
// http://wiki.vg/Authentication#Refresh
public function refresh() {
$result = $this->dispatch('/refresh', array(
'clientToken' => $this->client_token,
'accessToken' => $this->access_token
));
$this->access_token = $result['accessToken'];
return $result;
}
// Check if an access token is the newest one associated with this account.
// http://wiki.vg/Authentication#Validate
public function validate() {
return $this->dispatch('/validate', array(
'accessToken' => $this->access_token
));
}
// Invalidate all access tokens associated with this account.
// http://wiki.vg/Authentication#Signout
public function signout($password) {
return $this->dispatch('/signout', array(
'username' => $this->username,
'password' => $password
));
}
// Invalidate our access token.
// http://wiki.vg/Authentication#Invalidate
public function invalidate() {
return $this->dispatch('/invalidate', array(
'clientToken' => $this->client_token,
'accessToken' => $this->access_token
));
}
// Which variables to keep when serialized.
public function __sleep() {
return array(
'client_token',
'username',
'access_token'
);
}
// What to do when unserialized.
public function __wakeup() {
}
}
@tarikweiss
Copy link

at the end, has to added a "?>"

@JorgenVatle
Copy link

There is a typo on line 112 for $this->accessToken. It should be $this->access_token.

Also, the validate() function will always return false as the response you get from the Mojang API is an empty string on success. And when an invalid client token is given, you will receive a 403 error. Again, without any data.

@MatsAnd
Copy link

MatsAnd commented May 22, 2016

Someone know if this still works?

@Jckf
Copy link
Author

Jckf commented Jun 16, 2016

@Warthelm Keen eye ;) I've not been using those functions myself, so never noticed. This Gist was created before the code was tested. The typo in invalidate() has been fixed, and I suggest you use refresh() to validate tokens.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment