-
-
Save air/01dc784a18b8c1c9dbcb9514b38c04ee to your computer and use it in GitHub Desktop.
| #!/bin/bash | |
| # you need httpie (apt-get install httpie) | |
| # you need to replace <these things> with your details | |
| # run with 'source' to export vars to your shell for experimentation | |
| # 1. authenticate to get an access token | |
| auth_server=https://authserver.mojang.com | |
| user=<your login email> | |
| password=<your account password> | |
| client_token=any-constant-string | |
| # log in | |
| response=$(http POST ${auth_server}/authenticate username=${user} password=${password} clientToken=${client_token} agent:='{"name": "Minecraft", "version": 1}') | |
| # strip double quotes | |
| access_token=$(echo ${response} | jq .accessToken | sed 's/"//g') | |
| # 2. Utility: validate an access token is still valid | |
| # http POST ${auth_server}/validate accessToken=${access_token} clientToken=${client_token} | |
| # 3. Utility: refresh the token, getting a new accessToken without having to give password | |
| # http POST ${auth_server}/refresh accessToken=${access_token} clientToken=${client_token} | |
| # 4. access Realms! | |
| # server. Note the real Minecraft client uses pc.realms.minecraft.net | |
| realms_server=https://pc.realms.minecraft.net | |
| # your UUID from https://mcuuid.net, I believe the trimmed version is correct | |
| uuid=<your trimmed UUID> | |
| # your username, e.g. notch | |
| user_id=<your username> | |
| # Minecraft version | |
| version=1.11.2 | |
| # is this user allowed to access Realms? see http://wiki.vg/Realms_API | |
| http --verbose GET ${realms_server}/mco/available "Cookie:sid=token:${access_token}:${uuid};user=${user_id};version=${version}" |
Can we use this in any way for Bedrock?
https://wiki.vg/Realms_API
My friends and I were looking into creating a discord bot specifically for bedrock realms, but I'm not sure that is possible :/
can you clarify how the "client token" works ?
can you clarify how the "client token" works ?
The value doesn't matter functionally, but it has to be there as I remember. You can set it as you like and keep it consistent for a client.
The best ref I can find is https://github.com/Chris54721/OpenMCAuthenticator#client-tokens
Example of how I set it, https://github.com/air/minecraft-tools/blob/master/login.sh#L16
Does anyone else get dns issues?
Yep looks like the host mcoapi.minecraft.net no longer exists! We need to find where the auth server is these days.
This is now fixed, thanks to Brian McCullom who located the new server at pc.realms.minecraft.net.
Tried to translate this to python, got 403 forbidden?
username = input('starting first time setup\nenter your username:')
email = input('enter your mojang account email (this information is only sent to mojang, i never see it)\n')
password = input('enter your mojang account password\n')
clientauth = input('enter a client token (this is like a password, treat\nit like one, preferably \nno spaces or special characters)\n')
response = requests.post(url='https://authserver.mojang.com/authenticate', cookies={'username': username, 'password': password, 'clientToken': clientauth, 'agent': '{"name": "Minecraft", "version": 1}'})
print(response)
Tried to translate this to python, got 403 forbidden?
One observation, the POST to authserver (line 15 in my gist) doesn't use cookies (like you're doing). I think it's just URL params. Only the GET to Realms uses cookies.
For those who may want to know, bedrock's endpoint is: https://bedrock.realms.minecraft.net/
Are you sure? I'm getting an ENOTFOUND Error when I try to use that. pocket.realms.minecraft.net however does at least return my requests, so I'd expect this one to be the correct endpoint.
Any way to use this with the recent Microsoft changeover? App passwords or something?
Yep Java edition. The final scripts are in my minecraft-tools repo. The API must be around, just not documented - maybe you could network sniff it?