
AuthMe ForceLogin
Useful add-on for AuthMe-Reloaded for Offline-Server
- Загрузки
- 7K
- Подписчики
- 4
- Обновлён
- 23 мая 2026 г.
- Лицензия
- Apache-2.0
Опубликован 21 октября 2025 г.
🎨 Can You Draw It?
🔐 PremiumAuthBypass
PremiumAuthBypass is a Bukkit/Spigot plugin designed to streamline authentication for premium Minecraft players by allowing automatic login based on trusted IP addresses.
It integrates with AuthMe Reloaded and securely links player accounts to their IPs using AES encryption.
⚠️ SECURITY WARNING, PLEASE READ THIS: Proxy Configuration (Velocity / BungeeCord)
If your server runs behind a proxy like Velocity, you must properly configure IP Forwarding. Otherwise, the plugin will detect the proxy's IP address (127.0.0.1) instead of the player's real IP, which will break the IP linking system and create a security risk.
Make sure to set up the forwarding mode in your velocity.toml AND on your backend servers (Spigot/Paper):
- Modern Mode (Recommended):
- Velocity:
player-info-forwarding-mode = "modern" - Paper: Enable
velocity-supportinpaper-global.yml.
- Velocity:
- BungeeGuard Mode:
- Velocity:
player-info-forwarding-mode = "bungeeguard" - Spigot/Paper: Install the
BungeeGuardplugin.
- Velocity:
- Legacy Mode:
- Velocity:
player-info-forwarding-mode = "legacy" - Spigot: Set
bungeecord: trueinspigot.yml.
- Velocity:
✨ Features
🔓 Automatic Login
- Instantly logs in players if they connect from a trusted IP.
🔗 Premium Account Verification
- Checks usernames against Mojang API to ensure they are premium accounts.
🌐 IP Linking System
- Players can link their IP to their account for future automatic authentication.
🔐 AES Encryption
- All stored IP addresses are encrypted (AES-128) for security.
⚡ Async Operations
- Network requests and file saves are handled asynchronously to avoid server lag.
🧠 Smart AuthMe Integration
- Uses reflection to support multiple versions of AuthMe.
💬 Fully Configurable Messages
- Customize all plugin messages via config.
📦 Requirements
- Java 8+
- Bukkit / Spigot / Paper server
- AuthMe Reloaded (recommended for full functionality)
⚙️ How It Works
When a player joins:
- The plugin checks if their IP is already linked.
- If yes → automatic login via AuthMe.
If not linked:
- The plugin verifies if the account is premium.
- Prompts the player to link their IP.
Once linked:
- Future logins from that IP are automatic.
🔧 Commands
| Command | Description |
|---|---|
/premium accept |
Link your current IP to your account |
/premium revoke |
Remove your current IP |
/premium revoke all |
Remove all linked IPs |
/premium list |
Show linked IPs (confirmation required) |
/premium about |
Show plugin info |
📁 Configuration Files
config.yml
- Enable/disable plugin
- Customize messages
- Control join behavior
linked.yml
- Stores encrypted IPs per player
- Automatically managed by the plugin
🔒 Security
- Uses AES-128 encryption for IP storage
- Fallback to Base64 if encryption fails
- No plain IPs stored in files
🔄 Compatibility
The plugin dynamically detects AuthMe API using:
fr.xephi.authme.api.v3.AuthMeApifr.xephi.authme.api.API- Legacy
AuthMeAPI
🌍 External API
- Uses Mojang endpoint: https://api.mojang.com/users/profiles/minecraft/{username} to verify premium accounts.
⚠️ Notes
- Requires AuthMe to force login players.
- Without AuthMe, the plugin still runs but cannot auto-login users.
- IP-based login assumes stable player IPs.
- Security Warning: If running behind a proxy (Velocity/BungeeCord), you must configure IP forwarding properly. If the plugin detects
127.0.0.1as the player's IP, automatic login will fail or risk bypassing security for all local connections.
🧩 Example Use Case
A premium player joins your server regularly from the same location.
✔ First login → manually authenticate
✔ Accept IP linking via /premium accept
✔ Next logins → instant automatic login 🚀
Ченджлог
2.2.0Релиз26.1, 26.1.1, 26.1.2 · 23 мая 2026 г.
Bug Fix: We have resolved a security vulnerability where players could exploit the system if the plugin detected 127.0.0.1 or a local IP address.
Previously, a local IP detection could allow the automatic login bypass to trigger incorrectly. This has been fixed: the bypass mechanism is now strictly disabled for 127.0.0.1 and all local loopback addresses to ensure player authentication cannot be spoofed.
Security Warning: If running behind a proxy (Velocity/BungeeCord), you must configure IP forwarding properly. If the plugin detects 127.0.0.1 as the player's IP, automatic login will now fail completely for that player rather than risking a security bypass for all local connections.
2.0.1Релиз26.1, 26.1.1, 26.1.2 · 1 мая 2026 г.
✨ New Features
🔄 /premium accept System Rework
Removed the intermediate confirmation step for faster usage.
The command now directly performs the Mojang verification and saves the IP.
ℹ️ New Command: /premium about
Added a detailed information section explaining how the plugin works.
Provides full transparency on data handling in compliance with GDPR.
🔒 GDPR Protection & AES Encryption
All IP addresses stored in linked.yml are now encrypted using AES-128.
Even if configuration files are accessed, player IPs remain unreadable in plain text.
IP addresses are only decrypted in memory during player connection.
⚙️ Full Control (Global Toggle)
Added the enableplugin setting in the configuration.
If set to false, the plugin is fully disabled (commands and bypass), ensuring maximum safety during maintenance.
⚙️ Technical Improvements
📁 Full config.json (or config.yml)
All messages without exception (success, errors, help, warnings) are now fully customizable.
Centralized handling of the plugin disabled error message.
🔐 Secure IP Display
The /premium list sure command only displays decrypted IPs after explicit confirmation from the user.
Prevents accidental IP leaks during streams or screenshots.
🧹 Code Cleanup
Improved asynchronous task handling for Mojang API requests.
Optimized performance and reliability.
1.2.1Релиз1.21.10, 1.21.11 · 12 февраля 2026 г.
✨ Main additions
✅ Improved compatibility and robust handling of the bypass feature during the login sequence.
1.2.0Релиз1.21.7, 1.21.8, 1.21.9 · 30 декабря 2025 г.
✨ Main additions
✅ Full compatibility with Paper 1.21.5 up to 1.21.9.
✅ Plugin forced to load after AuthMe via depend: AuthMe in plugin.yml
✅ Use of secure Reflection for AuthMe API (forceLogin, isAuthenticated)
✅ Login execution scheduled with a one-tick scheduler to ensure AuthMe is ready
✅ Silent handling of already logged-in players (isAuthenticated) to prevent duplicates
✅ Support for hybrid offline/online mode
1.1.1Релиз1.21.4, 1.21.10, 1.21.11 · 21 октября 2025 г.
✨ Main additions
The command /premiumbypass has been changed to /premium.
1.1.0Релиз1.21.8, 1.21.9, 1.21.10 · 21 октября 2025 г.
Version 1.1 – October 21, 2025
✨ Main Additions
Support for premium bypass based on multiple IP addresses for each player.
🛠 Improved Features
Adapted linked.yml file management to store multiple IP addresses per player.
Verification and activation of the bypass for all registered IP addresses.
🐞 Bug Fixes and Stability
Secure saving of multiple IP addresses in linked.yml.
IP address verification before activation to prevent conflicts.
⚡ Additional Notes
Players must be authenticated via AuthMe before activating the bypass.
1.0.0Релиз1.21.8, 1.21.9, 1.21.10 · 21 октября 2025 г.
Version 1.0 – 10/21/2025
✨ Main Additions
Full support for IP-based premium bypass.
If the player's IP matches the registered IP, they are automatically logged in via AuthMe.
Players can manually activate the bypass with /premiumbypass accept.
Ability to revoke the bypass with /premiumbypass revoke.
Check the status with /premiumbypass status.
Support for Bedrock users (names starting with _).
🛠 Improved Features
Multi-version compatible AuthMe detection and integration via reflection:
fr.xephi.authme.api.v3.AuthMeApi
fr.xephi.authme.api.API
fr.xephi.authme.AuthMe.getInstance().getAPI()
Automatic prompt on login to invite players to activate the bypass.
Fully configurable messages in config.yml.
Robust management of linked.yml to store linked IPs.
Compatibility with all Minecraft versions supporting AuthMe.
📝 Messages and Configuration
Customizable confirmation messages, prompts, and errors.
settings.prompt_on_join option to enable/disable the automatic prompt.
🐞 Fixes and Stability
Automatic and secure saving of linked.yml.
Enhanced error handling when calling AuthMe methods via reflection.
Secure IP verification before activating the bypass.
⚡ Additional Notes
Plugin is independent of account type (offline/online): works as long as AuthMe is installed.
Optimized for performance and multi-server compatibility.
Players must be authenticated via AuthMe before activating the bypass.
Комментарии
Загружаем…