
AuthMeReloaded
The best authentication plugin for the Bukkit/Spigot API!
Обновлён 7 мая 2026 г. · опубликован 29 июня 2024 г.
AuthMeReloaded
"The best authentication plugin for the Bukkit modding API!"
Description
Prevent username stealing on your server!
Use it to secure your Offline mode server or to increase your Online mode server's protection!
AuthMeReloaded disallows players who aren't authenticated to do actions like placing blocks, moving,
typing commands or using the inventory. It can also kick players with uncommonly long or short player names or kick players from banned countries.
With the Session Login feature, you don't have to execute the authentication command every time you connect to the server! Each command and every feature can be enabled or disabled from our well-structured configuration file.
You can also create your own translation file and, if you want, you can share it with us! :)
Features:
- Dedicated builds for Spigot Legacy (1.16–1.19), Spigot 1.21 (1.20–1.21), Paper 1.21+, and Folia 1.21+
- Native proxy plugins for BungeeCord and Velocity
- E-Mail Recovery System!
- Username spoofing protection.
- Countries Whitelist/Blacklist! (country codes)
- Built-in AntiBot System!
- ForceLogin Feature: Admins can login with all account via console command!
- Avoid the "Logged in from another location" message!
- Two-factor (2FA) support!
- Session Login!
- Messages served in each player's own Minecraft client language, with server-language fallback
- Editable translations and messages!
- MySQL, MariaDB, PostgreSQL and SQLite Backend support!
- Supported password encryption algorithms: SHA256, ARGON2, BCRYPT, PBKDF2, PBKDF2BASE64 — full list
- Supports hashes from external systems for zero-downtime migration (XFBCRYPT, MYBB, PHPBB, JOOMLA, WORDPRESS, WBB3/WBB4, IPB3, and more)
- Custom MySQL tables/columns names (useful with forum databases)
- Cached database queries!
- Fully compatible with Citizens2, CombatTag, CombatTagPlus!
- Graphical login/register dialogs, with optional Paper/Folia pre-join dialogs
- Restricted users (associate a username with an IP)
- Protect player's inventory until correct authentication (requires PacketEvents)
- Premium bypass: Mojang-account holders skip password auth (requires PacketEvents)
- Saves the quit location of the player
- Ender pearls thrown before authentication are returned to the player on login
- Separate timeouts for login and registration
- Email address confirmation required before saving on
/email addand/email change - Automatic database backup
- Available languages: translations
- Account importers for Auth+, LibreLogin, LimboAuth, nLogin, OpeNLogin, tiAuth — and built-in SQLite ↔ MySQL/MariaDB/PostgreSQL migration.
Configuration
Dialog UI
AuthMe can display graphical login/register dialogs instead of chat-based prompts.
settings.registration.dialog.postJoin.enableenables the post-join dialog flow.settings.registration.dialog.preJoin.enableenables the pre-join dialog flow on Paper/Folia.- Both options are independent: you can enable either one, both, or neither.
- Pre-join dialogs currently require modern dialog-capable server versions such as Paper/Folia 1.21.11+.
- Verified premium players skip the pre-join dialog entirely when premium bypass is enabled.
Premium bypass
AuthMe can let players with a legitimate Mojang account skip password authentication entirely. Identity is verified via a cryptographic handshake with Mojang's session server during the Minecraft login phase — no password prompt is ever shown.
- Enable with
settings.enablePremium: trueinconfig.yml. - Players opt in with
/premiumand out with/freemium(must be logged in). Admins can enrol or remove players with/authme premium <player>//authme freemium <player>. - Direct-connection (offline-mode, no proxy): requires PacketEvents 2.x. Without it, premium bypass is disabled at startup (fail-closed).
- Behind an online-mode proxy (Velocity / BungeeCord): the proxy authenticates with Mojang and forwards the verified UUID — no PacketEvents needed on the backend. Set
Hooks.bungeecord: trueon the backend. - Behind an offline-mode proxy: install
authme-velocityorauthme-bungeeon the proxy; premium players are authenticated per-player by the proxy and the verified UUID is forwarded to the backend. - Full documentation: docs/premium.md
Commands
Permissions
- authme.player.* - for all user commands
- authme.admin.* - for all admin commands
- List of all permission nodes
How To
- How to use the account importers (Auth+, LibreLogin, LimboAuth, nLogin, OpeNLogin, tiAuth)
- Website integration
- Convert between database types (e.g. SQLite to MySQL):
/authme converter sqliteToSql
Links and Contacts
Support:
Dev resources:
<repositories> <repository> <id>codemc-repo</id> <url>https://repo.codemc.org/repository/maven-public/</url> </repository> </repositories> <dependencies> <dependency> <groupId>fr.xephi</groupId> <artifactId>authme-core</artifactId> <version>6.0.0-SNAPSHOT</version> <scope>provided</scope> </dependency> </dependencies>
Requirements
Compiling requirements:
- JDK 17+ for
authme-core,authme-tools, andauthme-spigot-legacy- JDK 21+ for the full multi-module build (
authme-bungee,authme-spigot-1.21,authme-paper-common,authme-paper,authme-folia,authme-velocity)- Maven (3.8.8+)
- Git/GitHub (Optional)
How to compile the project:
- Clone the project with Git/GitHub
- Execute command
mvn clean package- With JDK 17, Maven builds only the Java 17-compatible modules
- With JDK 21+, Maven builds the full reactor
- Build and tooling command reference: docs/build.md
Running requirements:
- Use the jar matching your server platform/version:
- Java 17+:
AuthMe-*-Spigot-Legacy.jar— Spigot 1.16.x – 1.19.x- Java 21+:
AuthMe-*-Spigot-1.21.jar— Spigot 1.20.x – 1.21.x- Java 21+:
AuthMe-*-Paper.jar— Paper 1.21+- Java 21+:
AuthMe-*-Folia.jar— Folia 1.21+- Java 21+:
AuthMe-*-Bungee.jar— BungeeCord / Waterfall proxy (1.19 API)- Java 21+:
AuthMe-*-Velocity.jar— Velocity 3.4+ proxy- PacketEvents 2.x (optional plugin; required for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode)
Credits
Contributors:
Team members: developers, translators
Credits for the old version of the plugin: d4rkwarriors, fabe1337, Whoami2 and pomo4ka
Thanks also to: AS1LV3RN1NJA, Hoeze and eprimex
GeoIP License:
This product uses data from the GeoLite API created by MaxMind, available at https://www.maxmind.com
Центр версий
14 версийЧенджлог
6.0.0Релиз26.1.1, 26.1.2, 26.2 · 7 мая 2026 г.
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0Релиз26.1.1, 26.1.2, 26.2 · 7 мая 2026 г.
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0Релиз26.1.1, 26.1.2, 26.2 · 7 мая 2026 г.
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0Релиз1.21.3, 1.21.4, 1.21.5 · 7 мая 2026 г.
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0Релиз26.1.1, 26.1.2, 26.2 · 7 мая 2026 г.
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0Релиз26.1.1, 26.1.2, 26.2 · 7 мая 2026 г.
AuthMe 6.0.0
AuthMe 6.0.0 is a major overhaul focused on modern server compatibility, a cleaner authentication experience, and broader plugin ecosystem support. This is the first stable release of the 6.x line.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21+, Paper 1.21+ (1.21.11+ recommended for Dialog), and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the player's own language.
Several quality-of-life improvements ship with the dialog system:
- Email recovery in post-join dialogs — players with a recovery email can trigger password recovery directly from the dialog
- "Let player in" recovery option — a new setting allows players to partially join the server to complete account recovery rather than being held at the connection screen
- Customisable body description — the body text of login/register dialogs is configurable per server
- Separate forgot-password dialog — the forgot-password flow has its own dedicated UI for both pre-join and post-join contexts
- Register field validation — pre-join registration dialogs validate fields (password length, email format, etc.) before submission
- Kick-on-cancel option — a new setting controls whether players are kicked if they dismiss the pre-join dialog
Premium bypass with cryptographic Mojang verification
Players with a legitimate Mojang account can skip password authentication entirely. AuthMe verifies their identity via a full cryptographic handshake with Mojang's session server — no password prompt, no dialog box. This closes the spoofing vector that existed when relying solely on username matching.
Three verification modes are supported automatically depending on your setup: direct offline-mode (requires PacketEvents), online-mode proxy (UUID forwarded by the proxy), and offline-mode proxy with the AuthMe proxy plugin. Premium player lists are synchronised automatically and sent in chunks for large servers.
See the premium bypass guide for full setup instructions.
Messages in the player's own language
AuthMe serves each player messages in their Minecraft client language, including login/register prompts, help output, and dialogs. When a player's locale is not available it falls back to the server's configured default. See the translations reference for the full list of supported languages. New in this release: Tatar and Spanish translations.
Eight new account importers
The converter system now covers a wide range of authentication plugins. You can migrate accounts from:
- Auth+, LibreLogin, LimboAuth, nLogin (including SQLite auto-detection), OpeNLogin, tiAuth
All importers reuse the AuthMe connection pool and apply consistent UUID handling. See the converters guide for usage.
New server spawn priority
A new server value is available for the spawn priority setting. The spawn location is determined by the configured server spawn point with an optional radius so players don't stack on the same block. Falls back to the default spawn location if none is available.
Email confirmation on change
/email add and /email change now require the player to confirm the new address before it is saved, preventing typos from locking players out of account recovery.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm: PBKDF2BASE64
A new PBKDF2BASE64 hash algorithm is now supported. See the hash algorithms reference for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login rather than being lost. Configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version for spigot-legacy. Servers still running Java 8 or Java 11 must upgrade before installing this release.
Java 21 is now the minimum required version for other platforms (Spigot 1.21, Paper, Folia).
PacketEvents replaces ProtocolLib for inventory protection, tab-complete blocking, and premium bypass in direct-connection mode. Install PacketEvents 2.x if you use any of these features — ProtocolLib is no longer used for this purpose.
Bug fixes
- Quit location is now correctly saved on disconnect
- Walk and fly speed are properly reset on auto-login via premium, session, or proxy
- Admin force-login commands correctly dismiss any open dialog for the target player
- Proxy auto-login works correctly when the target player is already online
- Email format is validated before any processing is attempted
- Email recovery UI is only shown when the email sending system is properly configured
- TOTP QR codes are generated with a default margin
- BungeeCord plugin messaging channel is correctly registered on startup
- Brigadier command registration handles
@characters and awaits proper type resolution - Converters correctly insert and update player UUIDs
- Spawn location Y coordinate is correctly selected in
serverspawn mode
Additional resources
6.0.0-R1Бета26.1, 26.1.1, 26.1.2 · 26 апреля 2026 г.
AuthMe 6.0.0-R1 - Release Candidate
This update brings a smoother, more modern AuthMe experience for both server owners and players. The focus of this release is simple: better support for modern server setups, a cleaner login flow, and more flexibility for server customization.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21, Paper 1.21+, and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two new dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and your backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the server's configured language.
Messages in the player's own language
AuthMe can now automatically serve each player messages in their Minecraft client language. When a player's locale is not available, it falls back cleanly to the server's configured default. See the translations reference for the full list of supported languages.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm and Auth+ account importer
A new PBKDF2BASE64 hash algorithm is now supported. An importer for accounts from the Auth+ plugin is also included. See the hash algorithms reference and the converters guide for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login, rather than being lost. This behaviour is configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version. Servers still running Java 8 or Java 11 must upgrade before installing this release.
PacketEvents replaces ProtocolLib for inventory protection and tab-complete blocking. If you used those features with ProtocolLib, install PacketEvents as an optional dependency instead — ProtocolLib is no longer used for this purpose.
Additional resources
6.0.0-R1Бета26.1, 26.1.1, 26.1.2 · 25 апреля 2026 г.
AuthMe 6.0.0-R1 - Release Candidate
This update brings a smoother, more modern AuthMe experience for both server owners and players. The focus of this release is simple: better support for modern server setups, a cleaner login flow, and more flexibility for server customization.
Highlights
Dedicated builds for every platform
AuthMe now ships as separate, purpose-built jars for each server platform: Spigot 1.16–1.19, Spigot 1.20–1.21, Paper 1.21+, and Folia 1.21+. Install the jar that matches your server — no further configuration needed to get the right behaviour for your platform.
Native proxy plugins for BungeeCord and Velocity
Two new dedicated proxy plugins are now available, one for BungeeCord and one for Velocity. They handle authentication state synchronisation between the proxy and your backend servers automatically, replacing the previous approach that relied solely on backend-side configuration. See the proxy configuration guide for setup instructions.
Dialog-based login and registration
On Spigot 1.21.6+ and Paper / Folia 1.21.11+, players are presented with a graphical dialog to log in or register — displayed right as they connect, before they even fully join the server. The dialog is shown in the server's configured language.
Messages in the player's own language
AuthMe can now automatically serve each player messages in their Minecraft client language. When a player's locale is not available, it falls back cleanly to the server's configured default. See the translations reference for the full list of supported languages.
Separate login and registration timeouts
The single timeout setting has been split into two independent values: loginTimeout and registerTimeout. Existing configurations are migrated automatically — no action required. Full details are in the configuration reference.
New hash algorithm and Auth+ account importer
A new PBKDF2BASE64 hash algorithm is now supported. An importer for accounts from the Auth+ plugin is also included. See the hash algorithms reference and the converters guide for details.
Ender pearls returned on login
Ender pearls thrown before authentication are held and returned to the player's inventory on successful login, rather than being lost. This behaviour is configurable via settings.restrictions.cancelThrownEnderPearlOnJoin.
Breaking changes
Java 17 is now the minimum required version. Servers still running Java 8 or Java 11 must upgrade before installing this release.
PacketEvents replaces ProtocolLib for inventory protection and tab-complete blocking. If you used those features with ProtocolLib, install PacketEvents as an optional dependency instead — ProtocolLib is no longer used for this purpose.
Additional resources
Комментарии
Загружаем…