AdvancedAuth

Modern authentication system for Minecraft servers with email verification, password recovery, and web integration.

AdvancedAuth treats player accounts like real platform accounts rather than simple in‑game passwords, providing a complete authentication layer for both standalone and networked Minecraft servers.

---

✨ Features

• Email verification for new registrations
• OTP password reset via email
• Session login support
• Premium (paid) account auto‑login
• REST API for external integrations
• Web dashboard for account management
• IP history & security tracking
• BungeeCord / Velocity network support
• Hybrid (premium + cracked) server compatibility

---

🧱 Architecture

AdvancedAuth is designed as a hybrid authentication layer:

• Minecraft server authentication
• External account system
• Email identity verification
• Web/API integration layer

Accounts are internally identified by UUID for premium players and securely separated for offline‑mode accounts to prevent collisions or impersonation.

---

🚀 Installation

1. Download the latest release
2. Place AdvancedAuth.jar into your server plugins/ folder
3. Start the server once to generate config
4. Configure email settings in config.yml
5. Restart server

---

⚙️ Configuration

Key configuration areas:

• Email SMTP settings
• Premium detection behavior
• Session login duration
• Account security options
• Network mode (Bungee/Velocity)

Detailed docs: https://plugins.zenuxs.in/advancedAuth

---

🌐 Web & API Integration

AdvancedAuth exposes a REST API for:

• Account lookup
• Password reset flows
• Account linking
• External platform integration

This allows integration with:

• Websites
• Control panels
• Discord bots
• Custom launchers

---

🔐 Security Model

• Premium accounts bound to UUID
• Offline accounts isolated
• Email‑verified identity
• OTP recovery flow
• Session tokens
• IP tracking

Designed to reduce impersonation and account takeover risks common in offline‑mode servers.

---

🧪 Use Cases

• Cracked servers needing secure auth
• Hybrid premium/cracked networks
• Servers with web dashboards
• Minecraft SaaS platforms
• Account‑linked ecosystems

---

📊 Project Status

Active development 230+ servers using AdvancedAuth

Roadmap highlights:

• External SSO providers
• Account linking flows
• Expanded API
• Admin web panel

---

⚙️ Full Configuration (config.yml)

# ============================================================
#                     ZENUXS PLUGINS
# ============================================================
# Website:   https://plugins.zenuxs.in
# Developer: developer.rs (Rishabh)
# Discord:   https://discord.zenuxs.in
# ============================================================

# ======================================
#         AdvanceAuth Configuration
# ======================================

# -------------------------------
# License Key
# -------------------------------
license-key: "GET-FREE-FROM-DISCORD"

# -------------------------------
# API Settings
# -------------------------------
timeout: 10000 # Timeout in milliseconds

# -------------------------------
# Login Settings
# -------------------------------
login:
  max-attempts: 3 # Maximum allowed failed login attempts
  timeout: 300 # Timeout before retry (in seconds)
  session-duration: 86400 # Session duration (in seconds) - 24 hours
  enable-sessions: true # Enable session management
  session-duration-hours: 24 # How long sessions last (in hours)

# -------------------------------
# Email Settings
# -------------------------------
email:
  enabled: true # Enable email features
  require-verification: false # Require email verification
  otp-expiry-minutes: 10 # OTP expiry time in minutes

# -------------------------------
# IP Tracking Settings
# -------------------------------
ip:
  tracking-enabled: true # Enable IP tracking
  store-history: true # Store IP history for users
  max-history-per-player: 50 # Maximum IP history entries per player

# -------------------------------
# IP Limit Settings
# -------------------------------
ip-limit:
  enabled: true # Enable IP-based player limit
  max-players: 3 # Maximum players per IP address

# -------------------------------
# Auth World Settings
# -------------------------------
# Players will be teleported to specific world/coordinates during auth process
# Use /auth setLoginLocation and /auth setRegisterLocation to set these locations
auth-world:
  # Registration world settings
  register-world: '' # World name for registration (leave empty to disable)
  register-x: 0.5 # X coordinate for registration
  register-y: 64.0 # Y coordinate for registration
  register-z: 0.5 # Z coordinate for registration
  register-yaw: 0.0 # Yaw (horizontal rotation) for registration
  register-pitch: 0.0 # Pitch (vertical rotation) for registration
  
  # Login world settings
  login-world: '' # World name for login (leave empty to disable)
  login-x: 0.5 # X coordinate for login
  login-y: 64.0 # Y coordinate for login
  login-z: 0.5 # Z coordinate for login
  login-yaw: 0.0 # Yaw (horizontal rotation) for login
  login-pitch: 0.0 # Pitch (vertical rotation) for login

# -------------------------------
# Protection Settings
# -------------------------------
# Prevent actions from unauthenticated players
protection:
  prevent-movement: true # Prevent movement before login
  prevent-block-break: true # Prevent block breaking
  prevent-block-place: true # Prevent block placing
  prevent-interaction: true # Prevent interaction with blocks/items
  prevent-chat: true # Prevent chat messages
  prevent-damage: true # Prevent taking damage
  prevent-item-drop: true # Prevent dropping items
  prevent-item-pickup: true # Prevent picking up items

# -------------------------------
# BungeeCord Settings
# -------------------------------
bungeecord:
  block-bungee-commands: true # Block BungeeCord commands for unauthenticated players

# -------------------------------
# Premium (Mojang) Account Settings
# -------------------------------
premium:
  enabled: true # Enable premium auto-login
  auto-register: true # Auto-register premium players on first join
  use-mojang-api: true # Check via Mojang API (requires internet)
  cache-premium-status: true # Cache results to reduce API calls
  cache-duration: 86400 # Cache duration in seconds (24h)

# -------------------------------
# Authentication Visual Effects
# -------------------------------
effects:
  bossbar:
    enabled: true
    color: BLUE # BLUE, GREEN, PINK, PURPLE, RED, WHITE, YELLOW
    style: SOLID # SOLID, SEGMENTED_6, SEGMENTED_10, SEGMENTED_12, SEGMENTED_20
    message-login: '&bPlease login using &f/login <password>'
    message-register: '&bPlease register using &f/register <password>'
    message-premium: '&aAuthenticating premium account...'
  title:
    enabled: true
    fade-in: 10
    stay: 40
    fade-out: 10
    login-required:
      title: '&cLogin Required'
      subtitle: '&7Use &f/login <password>'
    register-required:
      title: '&6Registration Required'
      subtitle: '&7Use &f/register <password>'
    premium-welcome:
      title: '&aWelcome &e%player%'
      subtitle: '&7You have been automatically logged in'
    login-success:
      title: '&aLogin Successful'
      subtitle: '&7Enjoy your stay!'
  blindness:
    enabled: true
    duration-seconds: 2
    amplifier: 1

# -------------------------------
# Messages
# -------------------------------
messages:
  prefix: '&8[&bAuth&8] &7'
  no-permission: '&cYou don''t have permission to use this command.'
  not-player: '&cThis command can only be executed by players.'
  already-logged-in: '&aYou are already logged in.'
  not-logged-in: '&cPlease login first with /login <password>'
  not-registered: '&cPlease register first with /register <password>'
  welcome-back: '&e&lWelcome back %player%! &7Please use &b/login <password>'
  welcome-new: '&e&lWelcome %player%! &7Please use &b/register <password>'
  register-usage: '&cUsage: /register <password>'
  login-usage: '&cUsage: /login <password> [--session]'
  setemail-usage: '&cUsage: /setemail <email>'
  resetpassword-usage: '&cUsage: /resetpassword'
  verifyotp-usage: '&cUsage: /verifyotp <otp> <newpassword>'
  sessions-usage: '&cUsage: /sessions'
  register-success: '&a✓ Registration successful! You can now login with /login.'
  login-success: '&a✓ Login successful! Welcome to the server!'
  logout-success: '&a✓ You have been logged out.'
  reload-success: '&a✓ Configuration reloaded successfully.'
  email-set-success: '&a✓ Email set successfully! You can now reset password if needed.'
  reset-password-success: '&a✓ OTP has been sent to your email!'
  otp-verify-success: '&a✓ Password changed successfully! You can now login with your new password.'
  session-restored: '&a✓ Session restored! Welcome back!'
  session-created: '&a✓ Session created! You will stay logged in for 24 hours.'
  register-error: '&c✗ Registration failed: %error%'
  login-error: '&c✗ Login failed: %error%'
  login-attempts: '&c⚠ You have %attempts% attempts remaining.'
  login-timeout: '&c✗ You have been kicked for too many failed login attempts.'
  api-error: '&c✗ Could not connect to authentication server. Please try again later.'
  license-error: '&c✗ Invalid license key. Please contact an administrator.'
  ip-limit-exceeded: '&c✗ Too many players are already connected from your IP address!'
  email-invalid: '&c✗ Invalid email format. Please use a valid email address.'
  email-set-failed: '&c✗ Failed to set email: %error%'
  reset-password-failed: '&c✗ Failed to reset password: %error%'
  otp-verify-failed: '&c✗ Failed to verify OTP: %error%'
  otp-expired: '&c✗ OTP has expired. Please request a new one with /resetpassword.'
  no-email-set: '&c✗ No email is set for your account. Please use /setemail <email> first.'
  no-active-sessions: '&c✗ No active sessions found.'
  session-invalid: '&c✗ Invalid or expired session.'
  processing-request: '&c⚠ Please wait, your request is being processed...'
  teleport-failed: '&c✗ Failed to teleport to authentication area.'
  auth-area-unavailable: '&c✗ Authentication area is not available. Please contact an administrator.'
  user-not-found: '&c✗ User not found. Please register first with /register.'
  otp-sent: '&7OTP sent to: &f%email%'
  check-email: '&7Please check your email for the OTP code.'
  otp-instructions: '&7Use &b/verifyotp <otp> <newpassword> &7to reset your password.'
  otp-expiry-warning: '&e⚠ OTP expires in 10 minutes.'
  session-instructions: '&7Use &b/login <password> --session &7to create a 24-hour session.'
  email-set-instructions: '&7You can now use /resetpassword if you forget your password.'
  logged-in: '&a✓ You are logged in.'
  logged-out: '&c✗ You are not logged in.'
  session-active: '&a✓ Session active'
  session-expired: '&c✗ Session expired'
  teleport-to-auth: '&aPlease login with &b/login <password>&a to continue.'
  teleport-to-register: '&aPlease register with &b/register <password>&a to continue.'
  teleport-back: '&aWelcome! You have been returned to your original location.'
  teleport-spawn: '&aWelcome! You have been teleported to spawn.'
  legacy-player-register: '&eYou need to register with &b/register <password>&e to continue playing.'
  legacy-player-note: '&7(You joined before the authentication plugin was added)'
  legacy-player-exists: '&cAccount already exists. Since you''re a legacy player, please use /login with your existing password, or ask an admin to reset your account.'
  auth-location-set: '&a%type% location set to your current position in world: %world%'
  auth-location-cleared: '&a%type% location cleared. Players will remain in current world.'
  player-marked-legacy: '&aMarked %player% as a legacy player. They can now register.'
  account-reset-success: '&aSuccessfully reset account for %player%. They can now register as a legacy player.'
  account-reset-failed: '&cFailed to reset account for %player%. Error: %error%'
  local-registration-success: '&aEmergency local registration for %player% successful!'
  custom-join-message: '&a&l+ &a%player% joined the server!'
  custom-leave-message: '&c&l- &c%player% left the server!'
  reset-password-no-email: '&c✗ No email is set for your account. Please use /setemail <email> first.'
  reset-password-user-not-found: '&c✗ User not found. Please register first with /register.'
  reset-password-api-error: '&c✗ Could not verify your account. Please try again.'
  reset-password-server-error: '&c✗ Could not connect to authentication server. Please try again later.'
  otp-sent-to: '&7Sent to: &f%email%'
  otp-check-email: '&7Please check your email for the OTP code.'
  password-changed-logout: '&e⚠ You have been logged out for security. Please login with your new password.'
  login-reminder: '&7Use &b/login %password% &7to login.'

# -------------------------------
# Commands to Execute on Login
# -------------------------------
on-login:
- title %player% title {"text":"Welcome!","color":"green"}
- title %player% subtitle {"text":"Enjoy your stay!","color":"yellow"}
- playsound minecraft:entity.player.levelup player %player%
- say Welcome %player% to the server!

# -------------------------------
# Debug Settings
# -------------------------------
debug:
  enabled: false # Enable debug logging
  show-otp-in-console: true # Show OTP codes in console for testing (disable in production)
  log-ip-changes: true # Log IP address changes
  log-session-activity: true # Log session creation and validation

---

📦 Links

Website: https://plugins.zenuxs.in/advancedAuth Spigot: https://www.spigotmc.org/resources/advanced-auth.132379/ Discord: https://discord.gg/zenuxs

---

👨‍💻 Author

Rishabh Sharma (Developer RS) Founder of Zenuxs Minecraft plugins, tools & web platforms

---

📄 License

All rights reserved © Zenuxs