Skip to content

Instantly share code, notes, and snippets.

@air
Last active June 17, 2022 02:19
Show Gist options
  • Save air/01dc784a18b8c1c9dbcb9514b38c04ee to your computer and use it in GitHub Desktop.
Save air/01dc784a18b8c1c9dbcb9514b38c04ee to your computer and use it in GitHub Desktop.
Let's use the Realms API to download our world backup!
#!/bin/bash
# you need httpie (apt-get install httpie)
# you need to replace <these things> with your details
# run with 'source' to export vars to your shell for experimentation
# 1. authenticate to get an access token
auth_server=https://authserver.mojang.com
user=<your login email>
password=<your account password>
client_token=any-constant-string
# log in
response=$(http POST ${auth_server}/authenticate username=${user} password=${password} clientToken=${client_token} agent:='{"name": "Minecraft", "version": 1}')
# strip double quotes
access_token=$(echo ${response} | jq .accessToken | sed 's/"//g')
# 2. Utility: validate an access token is still valid
# http POST ${auth_server}/validate accessToken=${access_token} clientToken=${client_token}
# 3. Utility: refresh the token, getting a new accessToken without having to give password
# http POST ${auth_server}/refresh accessToken=${access_token} clientToken=${client_token}
# 4. access Realms!
# server. Note the real Minecraft client uses pc.realms.minecraft.net
realms_server=https://pc.realms.minecraft.net
# your UUID from https://mcuuid.net, I believe the trimmed version is correct
uuid=<your trimmed UUID>
# your username, e.g. notch
user_id=<your username>
# Minecraft version
version=1.11.2
# is this user allowed to access Realms? see http://wiki.vg/Realms_API
http --verbose GET ${realms_server}/mco/available "Cookie:sid=token:${access_token}:${uuid};user=${user_id};version=${version}"
@a-couple-objects
Copy link

Tried to translate this to python, got 403 forbidden?

username = input('starting first time setup\nenter your username:')
email = input('enter your mojang account email (this information is only sent to mojang, i never see it)\n')
password = input('enter your mojang account password\n')
clientauth = input('enter a client token (this is like a password, treat\nit like one, preferably \nno spaces or special characters)\n')
response = requests.post(url='https://authserver.mojang.com/authenticate', cookies={'username': username, 'password': password, 'clientToken': clientauth, 'agent': '{"name": "Minecraft", "version": 1}'})
print(response)

@air
Copy link
Author

air commented Apr 16, 2021

Tried to translate this to python, got 403 forbidden?

One observation, the POST to authserver (line 15 in my gist) doesn't use cookies (like you're doing). I think it's just URL params. Only the GET to Realms uses cookies.

@Plagiatus
Copy link

For those who may want to know, bedrock's endpoint is: https://bedrock.realms.minecraft.net/

Are you sure? I'm getting an ENOTFOUND Error when I try to use that. pocket.realms.minecraft.net however does at least return my requests, so I'd expect this one to be the correct endpoint.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment