@loontail/minecraft-kit v0.8.14 / MojangAuthApi

Class: MojangAuthApi

High-level Microsoft / Mojang auth surface attached to MinecraftKit as kit.auth. Sign-in uses the OAuth 2.0 Authorization Code + PKCE flow with a loopback redirect (kit.auth.authorizationCode): the kit opens a localhost server, the caller opens the system browser, the user signs in, and the browser redirects back. The flow continues through the Xbox → XSTS → Minecraft pipeline and returns a MojangSession carrying everything launch composition needs plus the Microsoft refresh token. The library does NOT persist tokens — that's the caller's job.

Example

import { MinecraftKit, toOnlineAuth } from "@loontail/minecraft-kit";

const kit = new MinecraftKit();
const session = await kit.auth.authorizationCode.run({
  onOpenBrowser: (url) => open(url),
});
await saveRefreshToken(session.microsoft.refreshToken);
const launch = await kit.launch.compose(target, { auth: toOnlineAuth(session) });

Constructors

new MojangAuthApi()

new MojangAuthApi(http, logger?): MojangAuthApi

Parameters

Parameter	Type
`http`	`HttpClient`
`logger`?	`Logger`

Returns

MojangAuthApi

Source

src/auth/index.ts:60

Properties

Property	Modifier	Type	Default value	Description
`authorizationCode`	`readonly`	{ `run`: (`options`) => `Promise`<`MojangSession`>; }	`...`	OAuth 2.0 Authorization Code + PKCE with loopback redirect. The kit binds a temporary HTTP server on `127.0.0.1:<random>`, hands the caller an `https://login.microsoftonline.com/...` URL to open in the system browser, captures the redirect, and finishes the full pipeline. `onOpenBrowser` is the only required callback — everything else is plumbing the caller does not need to think about.
`authorizationCode.run`	`readonly`	(`options`: `AuthorizationCodeRunOptions`) => `Promise`<`MojangSession`>	`...`	-
`profile`	`public`	{ `read`: (`input`) => `Promise`<`MinecraftProfile`>; `resetSkin`: (`input`) => `Promise`<`MinecraftProfile`>; `setSkinFromUrl`: (`input`) => `Promise`<`MinecraftProfile`>; `uploadSkin`: (`input`) => `Promise`<`MinecraftProfile`>; }	`...`	Player profile against `api.minecraftservices.com/minecraft/profile`. `read` GETs the current snapshot (cheap access-token validation); the remaining methods mutate the active skin. Every method returns the (post-mutation) MinecraftProfile snapshot so a launcher can refresh its UI without an extra GET round-trip. Example `import { MinecraftKit } from "@loontail/minecraft-kit";const kit = new MinecraftKit(); const session = await kit.auth.authorizationCode.run({ onOpenBrowser }); await kit.auth.profile.setSkinFromUrl({ accessToken: session.minecraft.accessToken, url: "https://textures.minecraft.net/texture/abc...", variant: "CLASSIC", });`
`profile.read`	`public`	(`input`: `ReadProfileInput`) => `Promise`<`MinecraftProfile`>	`...`	-
`profile.resetSkin`	`public`	(`input`: `ResetSkinInput`) => `Promise`<`MinecraftProfile`>	`...`	-
`profile.setSkinFromUrl`	`public`	(`input`: `SetSkinFromUrlInput`) => `Promise`<`MinecraftProfile`>	`...`	-
`profile.uploadSkin`	`public`	(`input`: `UploadSkinInput`) => `Promise`<`MinecraftProfile`>	`...`	-

Methods

refresh()

refresh(refreshToken, options): Promise<MojangSession>

Refresh a previously obtained session. The Microsoft refresh token may be rotated.

Parameters

Parameter	Type
`refreshToken`	`MicrosoftRefreshToken`
`options`	`RefreshOptions`

Returns

Promise<MojangSession>

Source

src/auth/index.ts:68

Class: MojangAuthApi ​

Example ​

Constructors ​

new MojangAuthApi() ​

Parameters ​

Returns ​

Source ​

Properties ​

Methods ​

refresh() ​

Parameters ​

Returns ​

Source ​

Class: MojangAuthApi

Example

Constructors

new MojangAuthApi()

Parameters

Returns

Source

Properties

Methods

refresh()

Parameters

Returns

Source