Skip to content

Instantly share code, notes, and snippets.

@Jckf Jckf/Yggdrasil.php
Last active Jun 16, 2016

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
PHP library for Mojang's Yggdrasil authentication system.
Raw
Yggdrasil.php
<?php
class Yggdrasil {
private $server = 'https://authserver.mojang.com';
private $client_token = null;
private $username = null;
private $access_token = null;
// Construct a new instance for the given username, with optional client token and access token.
// Client token can be null, but this will invalidate all other sessions for this user once
// successfully authenticated.
public function Yggdrasil($username, $client_token = null, $access_token = null) {
$this->username = $username;
$this->client_token = $client_token;
$this->access_token = $access_token;
}
// Get/set the client token.
public function client_token($client_token = null) {
if ($client_token != null)
$this->client_token = $client_token;
return $this->client_token;
}
// Get/set the access token.
public function access_token($access_token = null) {
if ($access_token != null)
$this->access_token = $access_token;
return $this->access_token;
}
// Used internally to dispatch requests.
private function dispatch($uri, $data) {
return json_decode(
@file_get_contents(
$this->server . $uri,
false,
stream_context_create(array(
'http' => array(
'method' => 'POST',
'header' => 'Content-Type: application/json' . PHP_EOL,
'content' => json_encode($data)
)
))
),
true
);
}
// Get an access token.
// http://wiki.vg/Authentication#Authenticate
public function authenticate($password) {
$result = $this->dispatch('/authenticate', array(
'clientToken' => $this->client_token,
'agent' => array(
'name' => 'Minecraft',
'version' => 1
),
'username' => $this->username,
'password' => $password
));
$this->client_token = $result['clientToken'];
$this->access_token = $result['accessToken'];
return $result;
}
// Refresh an access token. Can also be used to validate an access token.
// http://wiki.vg/Authentication#Refresh
public function refresh() {
$result = $this->dispatch('/refresh', array(
'clientToken' => $this->client_token,
'accessToken' => $this->access_token
));
$this->access_token = $result['accessToken'];
return $result;
}
// Check if an access token is the newest one associated with this account.
// http://wiki.vg/Authentication#Validate
public function validate() {
return $this->dispatch('/validate', array(
'accessToken' => $this->access_token
));
}
// Invalidate all access tokens associated with this account.
// http://wiki.vg/Authentication#Signout
public function signout($password) {
return $this->dispatch('/signout', array(
'username' => $this->username,
'password' => $password
));
}
// Invalidate our access token.
// http://wiki.vg/Authentication#Invalidate
public function invalidate() {
return $this->dispatch('/invalidate', array(
'clientToken' => $this->client_token,
'accessToken' => $this->access_token
));
}
// Which variables to keep when serialized.
public function __sleep() {
return array(
'client_token',
'username',
'access_token'
);
}
// What to do when unserialized.
public function __wakeup() {
}
}
@DeveloperLen

This comment has been minimized.

Sign in to view
Copy link

DeveloperLen commented Oct 19, 2014

at the end, has to added a "?>"
@JorgenVatle

This comment has been minimized.

Sign in to view
Copy link

JorgenVatle commented Apr 28, 2016

There is a typo on line 112 for $this->accessToken. It should be $this->access_token.

Also, the validate() function will always return false as the response you get from the Mojang API is an empty string on success. And when an invalid client token is given, you will receive a 403 error. Again, without any data.
@MatsAnd

This comment has been minimized.

Sign in to view
Copy link

MatsAnd commented May 22, 2016

Someone know if this still works?
@Jckf

This comment has been minimized.

Sign in to view
Copy link
Owner Author

Jckf commented Jun 16, 2016

@Warthelm Keen eye ;) I've not been using those functions myself, so never noticed. This Gist was created before the code was tested. The typo in invalidate() has been fixed, and I suggest you use refresh() to validate tokens.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.