Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can't login to server using ely.by account #109

Open
techexplorers123 opened this issue Oct 22, 2024 · 1 comment · May be fixed by yushijinhun/authlib-injector#266
Open

can't login to server using ely.by account #109

techexplorers123 opened this issue Oct 22, 2024 · 1 comment · May be fixed by yushijinhun/authlib-injector#266
Labels
bug Something isn't working not our fault

Comments

@techexplorers123
Copy link

techexplorers123 commented Oct 22, 2024
edited
Loading

sorry if this is the wrong place to post.
i can't login with ely.by account from my client. It says
"Connection Lost. Invalid signature for profile public key. Try restarting your game."
i used the links provided here for the api for the ely.by, and tooke the example from the page.
I've noticed that the drasl when starting up complains about not being able to fech the public keys from the api.
2024/10/22 15:37:48 Request to fallback API server at https://account.ely.by/api/authlib-injector/minecraftservices/publickeys resulted in status code 404
i can login using mojang though
i use docker to host the instance, and use apache server as reverse proxy
here is my config

# Drasl default config file
# changed some parts to not reveal my server info
# Example: drasl.example.com
Domain = "auth.xxxx.in"

# Example: https://drasl.example.com
BaseURL = "https://auth.xxxx.in"

# List of usernames who automatically become admins of the Drasl instance
DefaultAdmins = ["admin"]
ForwardSkins = true
AllowChangingPlayerName = true
SignPublicKeys=false
[RegistrationNewPlayer]
Allow = true
AllowChoosingUUID = true
RequireInvite = true

[RegistrationExistingPlayer]
  Allow = true
  Nickname = "Mojang"
  SessionURL = "https://sessionserver.mojang.com"
  AccountURL = "https://api.mojang.com"
  SetSkinURL = "https://www.minecraft.net/msaprofile/mygames/editskin"
  RequireSkinVerification = true
  RequireInvite = true

[[FallbackAPIServers]]
  Nickname = "Ely.by"
  SessionURL = "https://account.ely.by/api/authlib-injector/sessionserver"
  AccountURL = "https://account.ely.by/api"
  ServicesURL = "https://account.ely.by/api/authlib-injector/minecraftservices"
  SkinDomains = ["ely.by", ".ely.by"]
  CacheTTLSeconds = 60

[[FallbackAPIServers]]
  Nickname = "Mojang"
  SessionURL = "https://sessionserver.mojang.com"
  AccountURL = "https://api.mojang.com"
  ServicesURL = "https://api.minecraftservices.com"
  SkinDomains = ["textures.minecraft.net"]
  CacheTTLSeconds = 60


DenyUnknownUsers = true

thanks for the help
evan-goode added a commit to unmojang/authlib-injector that referenced this issue Oct 24, 2024
@evan-goode
Use empty publicKeySignature in dummy ProfileKeyFilter response
049794e 
If we send an invalid signature here (`AA==`), then the vanilla server
will throw an error while handling the LoginHelloC2S packet, even if
`enforce-secure-profile` is `false` in `server.properties`. The client
will be disconnected with the message "Invalid signature for profile
public key. Try restarting your game."

It's better to send an empty string; the server will simply ignore the
missing publicKeySignature if `enforce-secure-profile` is false.

Resolves unmojang/drasl#109.
evan-goode added a commit to unmojang/authlib-injector that referenced this issue Oct 24, 2024
@evan-goode
Use empty publicKeySignature in dummy ProfileKeyFilter response
c30c3ee 
If we send an invalid signature here (`AA==`), then the vanilla server
will throw an error while handling the LoginHelloC2S packet, even if
`enforce-secure-profile` is `false` in `server.properties`. The client
will be disconnected with the message "Invalid signature for profile
public key. Try restarting your game."

It's better to send an empty string; the server will simply ignore the
missing publicKeySignature if `enforce-secure-profile` is false.

Resolves unmojang/drasl#109.
@evan-goode evan-goode linked a pull request Oct 24, 2024 that will close this issue
Open
@evan-goode
Copy link
Member

Thanks, this is valid. I guess using Ely.by as a fallback API server hasn't worked since 1.19? The issue as I understand it is:

  1. Ely.by authlib-injector client does not fetch player certificates from Ely.by because Ely.by does not set feature.enable_profile_key here
  2. Ely.by authlib-injector client instead creates a dummy publicKeySignature/publicKeySignatureV2, AA== and sends that to the Minecraft server in the LoginHelloC2S packet
  3. The Minecraft server sees the invalid signature and disconnects the client: even though enforce-secure-profile=false is set, the server still checks the validity of publicKeySignature if the client provides a non-empty one.

I think using authlib-injector on the server too might be a workaround here, but when I tested that, it worked with Ely.by clients but not Mojang non-authlib-injector clients. I didn't look into it very far.

I filed yushijinhun/authlib-injector#266 which should fix this by sending an empty publicKeySignature instead of a malformed one.

@evan-goode evan-goode added bug Something isn't working not our fault labels Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working not our fault
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use empty publicKeySignature in dummy ProfileKeyFilter response unmojang/authlib-injector
2 participants
@evan-goode @techexplorers123