Skip to content

Authentication

Servers authenthicate with Mojang's session servers in order to ensure the client is playing on a legitimate, paid account. Pumpkin allows you to fully configure authentication.

Configuring Authentication

WARNING

Most servers should not change the default authenthication configuration. Doing so may have unintended consequnces. Only change these settings if you know what you are doing!

enabled: Boolean

Whether authenthication is enabled or not.

toml
[authentication]
enabled = false

prevent_proxy_connections: Boolean

Whether to block proxy connections or not.

toml
[authentication]
enabled = true
prevent_proxy_connections = true

auth_url: String (optional)

The URL to authenthicate with. Uses Mojang's session servers to authenthicate if not specified.

Placeholders
PlaceholderDescription
{username}Player username
{server_hash}Hash of the server
toml
[authentication]
auth_url = "[custom auth server here]"

prevent_proxy_connection_auth_url: String (optional)

The URL to authenthicate with if prevent_proxy_connections is enabled. Uses Mojang's session servers to authenthicate if not specified.

Placeholders
PlaceholderDescription
{username}Player username
{server_hash}Hash of the server
{ip}IP Address of the player
toml
[authentication]
prevent_proxy_connection_auth_url = "[custom auth server here]"

Player Profile

allow_banned_players: Boolean

Allow players flagged by Mojang.

toml
[authentication.player_profile]
allow_banned_players = true

allowed_actions: String Array

What actions are allowed if allow_banned_players is enabled.

toml
[authentication.player_profile]
allow_banned_players = true
allowed_actions = ["FORCED_NAME_CHANGE", "USING_BANNED_SKIN"]

Textures

enabled: Boolean

Whether to filter/validate player textures (e.g. Skins/Capes).

toml
[authentication.textures]
enabled = true

allowed_url_schemes: String Array

Allowed URL Schemes for textures.

toml
[authentication.textures]
enabled = true
allowed_url_schemes = ["http", "https"]

allowed_url_domains: String Array

Allowed URL domains for textures.

toml
[authentication.textures]
enabled = true
allowed_url_domains = [".minecraft.net", ".mojang.com"]

Texture Types

skin: Boolean

Whether to use player skins or not.

toml
[authentication.textures.types]
skin = true

cape: Boolean

Whether to use player capes or not.

toml
[authentication.textures.types]
cape = true

elytra: Boolean

Whether to use player elytras or not.

toml
[authentication.textures.types]
elytra = true

Default Config

By default, authentication is enabled and uses Mojang's servers. Here is the default config:

toml
[authentication]
enabled = true
prevent_proxy_connections = false

[authentication.player_profile]
allow_banned_players = false
allowed_actions = ["FORCED_NAME_CHANGE", "USING_BANNED_SKIN"]

[authentication.textures]
enabled = true
allowed_url_schemes = ["http", "https"]
allowed_url_domains = [".minecraft.net", ".mojang.com"]

[authentication.textures.types]
skin = true
cape = true
elytra = true

Released under the MIT License.