mojira.dev

DoubleCheck

Assigned

No issues.

Reported

MC-200782 Old Authentication URL in client JARs does not exist anymore Duplicate

Comments

Author of the duplicate bug report here. I want to re-iterate what I said on that one. As it currently stands, all pre-release 1.0 servers have to implement their own authentication, and there's a high probability most are insecure. Furthermore, every server is open to anyone regardless if they've purchased the same. This inadvertently promotes piracy. 

It's a simple fix for the web team, and the solution(s) are well documented. It's a shame so many people are advocating for this to be fixed, but it continues to slip through the cracks. But then again, Mojang does not care about us older players, they only care about the 8-14 year olds with their parent's credit cards. Money talks and time spent on this will not make them any. 

57 comments on this issue, almost all in favor of fixing this. It's a shame Mojang now only cares about the 10 year olds playing the latest version of the game and not the rest of us who enjoy the older versions. As I've mentioned numerous times before, this issue only promotes piracy of the game. If users can't properly authenticate on older servers, server owners are left with no choice but to run "cracked" or offline-mode servers allowing anyone to join regardless if they own the game or not. I'd love to know why Mojang lets a good portion of players and servers break the EULA without caring at all.

 

For those of you who are looking for a potential work around for this, skins, and capes, I wrote some documentation on the old protocol and a solution involving a proxy - https://docs.doublecheck.gg/minecraft-beta/introduction/. It's not ideal, but it will work until, if ever, Mojang cares enough to fix this.

This has been fixed in previous versions back to release 1.0 because it was a real issue. Like I said, Mojang neglected to continue to fix previous versions before that.

This issue is NOT invalid, the issue promotes piracy of the game and all servers pre-release 1.0 break the EULA.

 

This is a simple fix that Mojang has neglected to implement. They fixed all release versions after the authentication was changed in 1.6, but failed to continue with beta versions.

I can confirm changing the URLs from just http://minecraft.net to https://session.minecraft.net/ fixes this issue. I wouldn't say this is an issue for Mojang Web Services, more of an issue for the Java Edition developers as they should fix all of the old client JAR files pre-release 1.0 so that requests are sent to:

https://sessions.minecraft.net/game/joinserver.jsp?user={USERNAME}&sessionId={TOKEN}&serverId={SERVER ID}

instead of:

http://minecraft.net/game/joinserver.jsp?user={USERNAME}&sessionId=TOKEN}&serverId={SERVER ID}