Lunch (--)you apparently need permission from #microsoft to make third party #minecraft launchers now, after the migration from #mojang accounts
https://github.com/MultiMC/MultiMC5/issues/4087
boosts encouraged
third party launchers have to register an auth token and are only able to distribute as binary form in order to hide this token
this is pretty obviously anti-user behavior on the part of Microsoft, and we shouldn't at all be surprised
Tjiho@lunch I think its a normal behavior to use a token to connect to an external service (here microsoft).
And it's normal to not distribute it with the source, someone could reuse it to do bad things (bruteforce microsoft account).
Many opensource software do the same. If you want to build it yourself you can get a token from Microsoft.
@lunch I'm surprise that mojang account does not need an auth token.
@Tjiho your user account should serve as enough of an auth token
@lunch It depends, here it uses oauth2, so you don't have to trust the launcher a lot (ok it's kind of stupid because you build it yourself).
That one of the modern way to do clean authentication without giving your Microsoft password to the launcher.
That one of the modern way to do clean authentication without giving your Microsoft password to the launcher.
@lunch It adds also the advantage that a Microsoft user can untrust the launcher from his Microsoft account, and it will invalidate the login from Microsoft.
Plus a system of permissions, so the launcher does not have access to your full Microsoft account.
Plus a system of permissions, so the launcher does not have access to your full Microsoft account.
@Tjiho if you can *reproducibly* build it from source then this is a nonissue, but that's not even possible now at least with the way it is right now
ThatOneCalculator@lunch yea. I dont like how ppl are getting mad at the maintainer when it's rlly Micro$oft's fault 