NotEnoughAuth [OAuth: Google, Discord, Telegram and more]
Minecraft Paper plugin (1.21.7+) that brings OAuth authentication and allows players to login/register using multiple providers [Google, GitHub, GitLab, Discord, Twitch, Telegram].
Quick challenge
How far can you run before the mobs catch you?
Minecraft check
Confirm your run
Complete the quick check to get your code.
NotEnoughAuth [OAuth: Google, Discord, Telegram and more]
OAuth2 providers is a OAuth2 providers plugin that allows you to authenticate players using OAuth2 providers (Google, GitHub, GitLab, Discord, Twitch, Telegram) based on the OAuth2 providers functionality.
How to set up — scroll down to the 🪄 Configuration section.
👀 Screenshots
<b>* While you authenticate, you will see the 'Joining world...' screen.</b>
<b>* After successfully authenticating, you will be automatically redirected to the server after the 'Joining world...' screen.</b>
🧶 How it works?
Each player session has a hash describing the state of the client, and it is checked against the database (`data.yml`) each time a player joins. If sessions match - proceed to the server. If they don't, force the authentication.
The session hash is composed of multiple factors: - IP address [`Player.getClientAddress()`)] - View distance [`ClientOption.VIEW_DISTANCE`] - Flag to allow server listings [`ClientOption.ALLOW_SERVER_LISTINGS`] - Locale [`ClientOption.LOCALE`] - Chat visibility [`ClientOption.CHAT_VISIBILITY`] - Skins parts [`ClientOption.SKIN_PARTS`]
💻 Commands
- `/link` — opens a dialog to link an additional OAuth2 provider to your account. - `/unlink` — opens a dialog to unlink an OAuth2 provider from your account. - `/logout` — terminates your current session hash, requires authentication on next join. - `/auth info` — see a list of available commands. - `/auth reload` — reloads the plugin.
Aliases: `/nea`, `/notenoughauth`.
🔞 Permissions
- `notenoughauth.admin` (for %%MD0%% by default) — Allows to use `/auth reload`. - `notenoughauth.default` (%%MD0%% by default) — Allows to use the `/auth info` command. - `notenoughauth.link` (%%MD0%% by default) — Allows to use the `/link` command. - `notenoughauth.unlink` (%%MD0%% by default) — Allows to use the `/unlink` command.
📄 Default config
Otherwise, nothing will work. Otherwise, nothing will work. to put your Otherwise, nothing will work. into the `webIp` field.
Also, you should Otherwise, nothing will work. on your machine for the plugin to work. <i>Port Otherwise, nothing will work. by default</i>.
Otherwise, nothing will work.
```yaml
After setting 'webIp' and 'webPort', take a look at the console output;
You will see a list of OAuth2 redirect URLs - copy these and paste them into your OAuth provider settings (e.g., Google, GitHub) when creating the application credentials.
webIp: "127.0.0.1" webPort: 4177
Defines whether auth redirect links will contain "http" or "https";
For example, if you use Nginx/Apache as a reverse proxy ('80' → '4177') and Cloudflare for SSL certificate, set this to 'true';
For local testing, you may leave this as 'false'.
useHttps: false
If you use tunneling software (such as 'playit.gg' or 'ngrok'), you may use this field for overriding the base URL (e.g., 'https://4be8-112-41-125-11.ngrok-free.app').
overriddenRedirectUrlBase: ""
Time for a player to pass the auth process (in seconds).
timeout: 90
Link for creating Google application: https://console.cloud.google.com/apis/credentials
google: enabled: true clientId: "YOUR_GOOGLE_CLIENT_ID" secret: "YOUR_GOOGLE_CLIENT_SECRET"
Link for creating GitHub application: https://github.com/settings/developers
github: enabled: true clientId: "YOUR_GITHUB_CLIENT_ID" secret: "YOUR_GITHUB_CLIENT_SECRET"
Link for creating GitLab application: https://gitlab.com/-/user_settings/applications
gitlab: enabled: true clientId: "YOUR_GITLAB_APPLICATION_ID" secret: "YOUR_GITLAB_SECRET"
Link for creating Discord application: https://discord.com/developers/applications
discord: enabled: true clientId: "YOUR_DISCORD_CLIENT_ID" secret: "YOUR_DISCORD_CLIENT_SECRET"
Link for creating Twitch application: https://dev.twitch.tv/console/apps/create
twitch: enabled: true clientId: "YOUR_TWITCH_CLIENT_ID" secret: "YOUR_TWITCH_CLIENT_SECRET"
Link to Telegram documentation: https://core.telegram.org/bots/telegram-login#tldr
telegram: enabled: true clientId: "YOUR_TELEGRAM_BOT_CLIENT_ID" secret: "YOUR_TELEGRAM_BOT_CLIENT_SECRET"
messages: "prefix": "&#C8D1DE[NotEnoughAuth]" "auth-required": "&fAuthentication required to join this server." "title": "&#FFDB60Welcome!" "description": "Let's verify it's you using OAuth2.nYou will be prompted to open your browser." "google": "&#D5DEEAGoogle Account" "google-hover": "Click for Google authentication" "github": "&#D5DEEAGitHub Account" "github-hover": "Click for GitHub authentication" "gitlab": "&#D5DEEAGitLab Account" "gitlab-hover": "Click for GitLab authentication" "discord": "&#D5DEEADiscord Account" "discord-hover": "Click for Discord authentication" "twitch": "&#D5DEEATwitch Account" "twitch-hover": "Click for Twitch authentication" "telegram": "&#D5DEEATelegram Account" "telegram-hover": "Click for Telegram authentication" "auth-success": "Authentication successful." "auth-success-description": "You can now return to Minecraft." "auth-failed": "Authentication failed." "account-mismatch": "This Minecraft account is linked to a different account in this OAuth provider." "provider-mismatch": "This provider isn't linked to this player's account." "invalid-state": "Invalid or expired state. Please try again." "timeout": "Timeout." "link-title": "&#FFDB60Link a provider" "link-description": "You may &#A4D400&nlink&r an additional oAuth2 provider to your account to be able to use it as your additional sign-in option on this server." "link-hover": "Click to link this provider" "unlink-title": "&#FFDB60Unlink a provider" "unlink-description": "You may choose an account to &#EB4C42&nunlink&r. If needed, you will be able to link the provider again." "unlink-hover": "Click to unlink this provider" "unlink-confirm-title": "&#FFDB60Are you sure?" "unlink-confirm-description": "This provider will be removed from your account." "confirm-unlink": "&#E74C3CConfirm Unlink" "confirm-unlink-hover": "Permanently unlink this provider" "confirm": "&#A4D400Confirm" "cancel": "&#EB4C42Cancel" "back": "&#EB4C42← Back" "back-hover": "Go back to server list" "info-header": "<prefix> &#ECF4FBCommands:" "info-link": "n &#D8E5EC&n/link&r&#ECF4FB - link an additional provider to your account." "info-unlink": "n &#D8E5EC&n/unlink&r&#ECF4FB - unlink one of the providers from your account." "info-logout": "n &#D8E5EC&n/logout&r&#ECF4FB - sign out of the account." "info-reload": "n &#D8E5EC&n/auth reload&r&#ECF4FB - reload the plugin configuration." "successfully-linked": "<prefix> &#A4D400Linked successfully!" "successfully-unlinked": "<prefix> &#A4D400Unlinked successfully!" "provider-linked": "Provider linked successfully!" "logged-out": "&fYou've successfully logged out." "reloaded": "<prefix> &#ECF4FBReloaded!" "disconnected": "Disconnected." "command-not-found": "<prefix> &#E03E3EOops! That command doesn't exist, or you don't have enough permissions." "not-enough-permissions": "<prefix> &#E03E3ENot enough permissions." "one-provider-left": "<prefix> &#E03E3EYou have only one provider left linked to your account." "all-providers-already-linked": "<prefix> &#ECF4FBYou've already linked all possible providers to your account!" "rejoin": "<prefix> &#E03E3ESession hashes don't match. Please rejoin." "an-error-occurred": "<prefix> &#E03E3EAn error occurred during reload! Check the console logs for details." ```
🚀 Installation
compatible Before getting started, make sure that the plugin's version is compatible with your server version.
1. Download the latest version of the plugin from the Releases tab. 1. Put the downloaded `.jar` into the `/plugins` folder of your server. 1. Restart your server or enter the `/reload` command.
🪄 Configuration
Never share your client secrets, bot tokens, or any other credentials Never share your client secrets, bot tokens, or any other credentials shown in your `config.yml`. Anyone with access to these can impersonate your application. All credentials visible in the screenshots throughout the guide have been revoked and are no longer valid.
4177: 1. Make sure to put your server's public IP into the `webIp` field in `config.yml`. 1. Open a 4177 (%%MD0%% by default) on your server equal to the `webPort` field from the `config.yml`.
How to configure specific providers:
Google
1. Follow the link to open Google Cloud Console: <b>https://console.cloud.google.com/apis/credentials</b>
1. Create a project:
1. Click <b>"Create credentials"</b> → <b>"OAuth client ID"</b>:
1. Set "Web application" to "Web application" and provide it with a name:
1. Enter `/auth reload` and copy the link for Google callback (before that, make sure to populate `webIp` in the configuration with your server public IP or domain):
1. Add the link from the console to the "Create" section and click "Create":
1. Copy both "Client Secret" and "Client Secret":
1. In the `google` section, replace `YOUR_GOOGLE_CLIENT_ID` and `YOUR_GOOGLE_CLIENT_SECRET` with the obtained credentials:
1. ✅ Enter the `/auth reload` and enjoy!
GitHub
1. Follow the link to open GitHub Developer Settings: <b>https://github.com/settings/developers</b>
1. Click "New OAuth App":
1. Enter `/auth reload` and copy the link for GitHub callback (before that, make sure to populate `webIp` in the configuration with your server public IP or domain):
1. Fill in "Register application", "Register application", and paste the redirect URL from the plugin console into the "Register application" field, then click "Register application":
1. Copy the "Generate a new client secret", then click "Generate a new client secret" and copy the generated secret:
1. In the `github` section, replace `YOUR_GITHUB_CLIENT_ID` and `YOUR_GITHUB_CLIENT_SECRET` with the obtained credentials:
1. ✅ Enter `/auth reload` and enjoy!
GitLab
1. Follow the link to open GitLab User Application Settings: <b>https://gitlab.com/-/user_settings/applications</b>
1. Click "Add new application":
1. Enter `/auth reload` and copy the link for GitLab callback (before that, make sure to populate `webIp` in the configuration with your server public IP or domain):
1. Fill in the "Save application" field, paste the redirect URL from the plugin console into the "Save application" field, and select the "Save application" scope, then click "Save application":
1. Copy both the "Secret" and the "Secret":
1. In the `gitlab` section, replace `YOUR_GITLAB_APPLICATION_ID` and `YOUR_GITLAB_SECRET` with the obtained credentials:
1. ✅ Enter `/auth reload` and enjoy!
Discord
1. Follow the link to open the Discord Developer Portal: <b>https://discord.com/developers/applications</b>
1. Click "Create", enter a name for your application, and click "Create":
1. In the left sidebar, select the "Client Secret" tab. Copy the "Client Secret" and "Client Secret":
1. Enter `/auth reload` and copy the link for Discord callback (before that, make sure to populate `webIp` in the configuration with your server public IP or domain):
1. Under the "Save Changes" section on the same OAuth2 page, click "Save Changes", paste the redirect URL from the plugin console, and click "Save Changes":
1. In the `discord` section, replace `YOUR_DISCORD_CLIENT_ID` and `YOUR_DISCORD_CLIENT_SECRET` with the obtained credentials:
1. ✅ Enter `/auth reload` and enjoy!
Twitch
1. Follow the link to open the Twitch Developer Console: <b>https://dev.twitch.tv/console/apps/create</b>
1. Enter `/auth reload` and copy the link for Twitch callback (before that, make sure to populate `webIp` in the configuration with your server public IP or domain):
1. Fill in the "Create" field, paste the redirect URL from the plugin console into the "Create" field and click "Create", then choose any "Create" (e.g. "Website Integration"), and click "Create":
1. Back on the "Manage" list, find your newly created app and click "Manage":
1. Copy the "Client Secret", then click "Client Secret" and copy the generated "Client Secret":
1. In the `twitch` section, replace `YOUR_TWITCH_CLIENT_ID` and `YOUR_TWITCH_CLIENT_SECRET` with the obtained credentials:
1. ✅ Enter `/auth reload` and enjoy!
Telegram
1. Open Telegram and start a chat with @BotFather: <b>https://t.me/BotFather</b>
1. Open the "Create a New Bot" Mini App, click "Create a New Bot" and proceed with the form:
1. Once the bot is created, go to the "Login Widget" tab:
1. Click on the "Switch to OpenID Connect Login":
1. Copy the "Client Secret" and the "Client Secret":
1. Enter `/auth reload` and copy the base domain/IP for the Telegram callback (before that, make sure to populate `webIp` in the configuration with your server public IP or domain):
1. Under the "Add a Redirect URI" section, click "Add a Redirect URI", paste the redirect URL from the plugin console:
1. In the `telegram` section, replace `YOUR_TELEGRAM_BOT_CLIENT_ID` and `YOUR_TELEGRAM_BOT_CLIENT_SECRET` with the obtained credentials:
1. ✅ Enter `/auth reload` and enjoy!
🔁 SSL certificates and HTTPS
[NOTE] If you don't own a domain, tunneling software like [NOTE] or %%MD1%% can also provide an HTTPS URL - use the `overriddenRedirectUrlBase` field in `config.yml` for that.
Some OAuth2 providers require you to own a domain, and in some cases, an SSL certificate (i.e., to use 'https').
You can purchase a domain at websites such as Cloudflare, Spaceship. Domain price comparison tool and aggregator - https://tld-list.com/.
Table of OAuth2 providers and their agility: | Provider | Can use without a private domain | Can use without SSL (HTTPS) | |---|---|---| | Google | ❌ | ✅ | |
GitHub | ✅ | ✅ | |
GitLab | ✅ | ✅ | |
Discord | ✅ | ✅ | |
Twitch | ❌ | ❌ | |
Telegram | ✅ | ✅ |