Skip to main content

Download

https://www.spigotmc.org/resources/leaderos-auth.127863/

Source Code

https://github.com/leaderos-net/minecraft-leaderos-auth

Features

  • Enables in-game login/register operations directly via the LeaderOS API.
  • Works without a database connection. If you are experiencing database connectivity issues, this plugin is the perfect solution.
  • Seamless integration with LeaderOS.
  • Compatible with Velocity, Bungeecord, and Spigot/Paper.
  • Provides secure and stable authentication.
  • A modern alternative to AuthMe and LimboAuth.

Installation Summary

If you are using Velocity, install only the Velocity JAR.
  • Fill in the url and api-key fields in config.yml.
If you are using Bungeecord, install both the Bungeecord JAR and the Spigot/Paper JAR.
  • Install the Spigot/Paper JAR on your Auth/Lobby server.
  • Fill in the auth-server field in the Bungeecord config.yml.
  • Fill in the url and api-key fields in the Spigot/Paper config.yml.
If you are not using any proxy system (Standalone), install only the Spigot/Paper JAR.
  • Fill in the url and api-key fields in config.yml.
Important fields in config.yml:
  • You can set the lang value to en to enable English language support (or tr for Turkish).
  • The url value must be your website’s URL. Example: https://myserver.com
  • The api-key is the key found on your website under Dashboard > Settings > API.
If you are using Cloudflare, you must also perform the following step: Unblocking API for sites using Cloudflare

Usage with Velocity

With the Velocity version, you can set up authentication without needing a dedicated “fake lobby” server. When a user joins, they are directed to a virtual Limbo server generated by the proxy for login/registration. Once authenticated, the player is redirected to the main server.

Velocity Requirements

  • Velocity 3.4 b520 or higher.
  • LimboAPI 1.1.27.

Installation for Velocity

  1. Download the plugin and upload the Velocity JAR to your Velocity server’s plugins folder.
  2. Restart the Velocity server.
  3. Once the server restarts, open plugins/leaderosauth/config.yml. Fill in the url and api-key fields:
    • url: Enter your website’s URL. Example: https://myserver.com
    • api-key: Enter your website’s API key. You can find this in Dashboard > Settings > API.
  4. Restart the Velocity server again to complete the installation.
Note: When using the Velocity method, you do not need to install the plugin on your Spigot/Paper servers. Installing the Velocity version is sufficient.

Usage with Bungeecord

The Bungeecord version is designed for security. It requires a Spigot/Paper server to handle the actual login/registration process; it does not work by installing it solely on Bungeecord. The purpose of this version is to prevent users from connecting to the lobby with an admin account and executing commands like /server before logging in.
If you are using Bungeecord, you absolutely must use this plugin. Otherwise, malicious users could connect to your lobby with an admin username and use commands like /server to bypass authentication, potentially harming your server.
Using only the Bungeecord JAR is not enough. You must also install the plugin on a Spigot/Paper server (your auth lobby).

Installation for Bungeecord

  1. Download the plugin and upload the Bungeecord JAR to your Bungeecord server’s plugins folder.
  2. Restart the Bungeecord server.
  3. Once the server restarts, open plugins/LeaderOS-Auth/config.yml and set the auth-server field to the name of the Spigot/Paper server where auth will take place (e.g., auth_lobby).
  4. Restart the Bungeecord server again.
  5. Install the Spigot/Paper version of the plugin on the server designated for authentication. Details on this installation can be found in the section below.

Usage with Spigot/Paper

You need to install this version on the server where players will log in. If you are using Bungeecord, you must install both this version (on the backend server) and the Bungeecord version (on the proxy).

Installation for Spigot/Paper

  1. Download the plugin and upload the Spigot/Paper JAR to your server.
  2. Restart your server.
  3. Once the server restarts, open plugins/LeaderOS-Auth/config.yml. Fill in the url and api-key fields:
    • url: Enter your website’s URL. Example: https://myserver.com
    • api-key: Enter your website’s API key. You can find this in Dashboard > Settings > API.
    • send-after-auth: If you want to redirect the player to a different server after a successful login/register, set this to true and specify the server name. Example: lobby

config.yml

Velocity

# Main settings
settings:
  # Plugin language (e.g., en, tr)
  lang: en
  # Your website URL
  url: https://myserver.com
  # You can get the API key from Dashboard > Settings > API
  api-key: 123456789abcdefghjklmnb
  # Debug mode
  # Available modes:
  # DISABLED: Disables debug messages
  # ENABLED: Shows all debug messages
  # ONLY_ERRORS: Shows only error messages
  debug-mode: ONLY_ERRORS
  # Should session system be enabled?
  # If enabled, players joining from the same IP won't be asked for a password again. Recommended: false.
  session: false
  # If the player is not registered on the site, they cannot join. Enable this if you only want registration via the website.
  kick-non-registered: false
  # Kick player if they enter the wrong password.
  kick-on-wrong-password: true
  # Kick player if they haven't logged in within 60 seconds.
  auth-timeout: 60
  # Cooldown in seconds for commands like /login and /register
  command-cooldown: 3
  # Minimum allowed password length (can be set to 4 or higher).
  min-password-length: 5
  # List of commands that will be used to log in
  login-commands:
  - login
  - log
  - l
  - giris
  - giriş
  # List of commands that will be used to register
  register-commands:
  - register
  - reg
  - kayit
  - kayıt
  # Disallowed passwords. Simple and easily guessable passwords should be added here.
  unsafe-passwords:
  - '123456'
  - password
  - qwerty
  - '123456789'
  - help
  - sifre
  - '12345'
  - asd123
  - qwe123

Bungeecord

# Main settings
settings:
  # Debug mode
  # Available modes:
  # DISABLED: Disables debug messages
  # ENABLED: Shows all debug messages
  # ONLY_ERRORS: Shows only error messages
  debug-mode: ONLY_ERRORS
  # Enter the name of the server where login/register operations will take place.
  auth-server: auth_lobby
  # Which commands are whitelisted during the login/register phase?
  allowed-commands:
  - login
  - log
  - l
  - giris
  - giriş
  - register
  - reg
  - kaydol
  - kayit
  - kayıt

Spigot/Paper

# Main settings
settings:
  # Plugin language
  lang: en
  # Your website URL
  url: https://myserver.com
  # You can get the API key from Dashboard > Settings > API
  api-key: 123456789abcdefghjklmnb
  # Debug mode
  # Available modes:
  # DISABLED: Disables debug messages
  # ENABLED: Shows all debug messages
  # ONLY_ERRORS: Shows only error messages
  debug-mode: ONLY_ERRORS
  # Should session system be enabled?
  # If enabled, players joining from the same IP won't be asked for a password again. Recommended: false.
  session: false
  # Forces the player into survival mode upon joining.
  force-survival-mode: true
  # If the player is not registered on the site, they cannot join. Enable this if you only want registration via the website.
  kick-non-registered: false
  # Kick player if they enter the wrong password.
  kick-on-wrong-password: true
  # Kick player if they haven't logged in within 60 seconds.
  auth-timeout: 60
  # Cooldown in seconds for commands like /login and /register
  command-cooldown: 3
  # Minimum allowed password length (can be set to 4 or higher).
  min-password-length: 5
  # If enabled, the player is sent to another server after successful login/registration.
  send-after-auth:
    # Set to true to enable.
    enabled: true
    # If enabled: true, the player is sent to this server after auth.
    server: lobby
  # Which commands are whitelisted during the login/register phase?
  allowed-commands:
  - login
  - log
  - l
  - giris
  - giriş
  - register
  - reg
  - kaydol
  - kayit
  - kayıt
  # Disallowed passwords. Simple and easily guessable passwords should be added here.
  unsafe-passwords:
  - '123456'
  - password
  - qwerty
  - '123456789'
  - help
  - sifre
  - '12345'
  - asd123
  - qwe123

Unblocking API for sites using Cloudflare

If you are using Cloudflare, it may block your API system and prevent player logins. In this case, follow the steps below to whitelist the API system in Cloudflare:
  1. Log in to your Cloudflare dashboard.
  2. Navigate to Cloudflare > Security > Security Rules (WAF) > Create Rule > Custom Rules.
  3. Create a rule that matches the configuration shown in the image below. Cloudflare Custom Role