feat(link): /link and /unlink a Microsoft account from in-game#23
Merged
Conversation
Friend sync needs a Microsoft refresh token for the player, and Microsoft will not hand one to a game client — the consent has to happen in a browser. So the command's whole job is to fetch a consent URL from forge and put it in chat as something clickable. The UUID sent to forge is only a claim. forge verifies it against the Minecraft profile behind the completed consent and refuses a mismatch, so nothing here has to be trusted — which is why this can be a plain chat command with no proof attached. Every call is async: a Velocity command runs on the netty thread and forge has to reach Microsoft before it can answer, so blocking would stall the proxy. The HTTP client mirrors plugin-grounds-platform's WhitelistApiClient — JDK HttpClient, nothing to shade, and the token read from the environment per request rather than held in a field, because a credential in a field ends up in a toString() sooner or later. Without GROUNDS_FORGE_URL the commands are not registered at all, rather than registered and guaranteed to fail. Note: this is the first command in plugin-player. feat/permission adds commands too and touches the same registration site — expect a trivial conflict there.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Part of Minecraft friend sync. Needs groundsgg/grounds-forge#471 (the endpoints this calls).
What
/link→ forge returns a Microsoft consent URL → posted in chat as a clickable component./unlink→ drops the stored token.The consent must happen in a browser: Microsoft will not issue a token to a game client. So there is no way to make this a pure in-game flow, and the command's job is reduced to fetching a URL and making it clickable.
Why no proof is attached to the request
The UUID sent to
link/startis self-asserted — it's a chat command. That's fine, because forge verifies the Minecraft profile behind the completed consent against that UUID and refuses a mismatch. Signing in as someone else gets you nothing. The trust sits at the callback, not here.Details
plugin-grounds-platform'sWhitelistApiClient: JDKHttpClient(nothing to shade), and the token read from the env per request rather than held in a field, because a credential in a field ends up in atoString()eventually.GROUNDS_FORGE_URL→ commands are not registered, rather than registered and guaranteed to fail.MessagesConfig(English), not hardcoded.Heads-up
This is the first command in plugin-player —
mainhas none today. Yourfeat/permissionbranch adds commands and touches the same registration site inGroundsPluginPlayer, so expect a trivial conflict whichever lands second.Verification
./gradlew buildgreen (compile + spotless + existing tests). Not exercised against a live forge — the endpoints are still in review on grounds-forge#471.