?
Host a server
Modrinth App
Sign in
ModsPluginsData PacksShadersResource PacksModpacks
Settings
ZyrenAuth

ZyrenAuth

ZyrenAuth is a secure and modern authentication plugin/mod for Minecraft 1.21.1+ servers. It focuses on account security, player privacy, and a smooth login experience. Supports both Paper and Fabric servers.

51
0

Compatibility

Minecraft: Java Edition

1.21–1.21.1

Platforms

Links

Report issues View source Visit wiki

Creators

_Pheonix
_PheonixMember
katch0420
katch0420Member

Details

Licensed MIT
Published last month
Updated 3 weeks ago

ZyrenAuth - Secure Minecraft Authentication Plugin

ZyrenAuth is a modern, robust, and privacy-focused authentication plugin/mod for Minecraft 1.21.1+ servers, developed by _Pheonix. It delivers strong account protection and a seamless, intuitive login experience for both Paper and Fabric server environments.

🔗 Visit our Official Modrinth Page for updates & versions: https://modrinth.com/plugin/zyrenauth/versions 🔗 Visit our Official Website for more details & a Config Generator: https://zyrenauth.wuaze.com/

✨ Key Features

  • Mandatory Captcha System on Join:
    • Players are now required to solve a dynamic captcha (either a math problem or an interactive item-click challenge) immediately upon joining, before proceeding to login or registration.
    • Features configurable expiry time and a maximum of 3 attempts before the player is kicked.
    • Players are safely teleported to a dedicated void-like zone (0.5, 5.0, 0.5) during the captcha phase, ensuring no interaction with the game world.
  • Dedicated 2FA Setup GUI:
    • The /za 2fa setup command now opens an intuitive in-game GUI that clearly displays your 2FA secret key and QR code URI, making setup with popular authenticator apps much easier.
  • Distinct Authentication Teleportation:
    • After successfully solving the captcha, players are seamlessly teleported to a separate, safe void (0.5, 0.0, 0.5) to handle /login or /register prompts, ensuring a focused authentication process.
  • Comprehensive Player State Management:
    • Player's original location, inventory, gamemode, health, food, experience, and even potion effects are now reliably saved upon entering the authentication flow and fully restored upon successful login/registration.
  • Asynchronous Modrinth Update Checker:
    • The plugin now automatically checks Modrinth for the latest release version upon startup and notifies server owners in the console if an update is available.
  • Dynamic On-Screen Authentication Prompts: Players receive clear, persistent on-screen titles and subtitles for /register and /login commands, guiding them through the authentication process seamlessly until successfully logged in.
  • Optional Two-Factor Authentication (2FA) via Google Authenticator: Players can enable 2FA for an extra layer of security; compulsory for that player's future logins once enabled. Compatible with popular authenticator apps.
  • Smart Player Authentication:
    • For Online-Mode Servers (online-mode=true): Automatically registers and logs in legitimate Minecraft accounts. No manual /register is required, and usernames are automatically updated.
    • For Servers in Alternative Authentication Modes (online-mode=false): Registered players are automatically logged in. Unregistered players must register to ensure account security.
  • Secure Logins: Utilizes strong BCrypt password hashing and robust username validation.
  • Flexible Storage: Full support for MySQL/MariaDB for persistent, scalable data, with improved internal handling for encrypted file-based accounts as a robust fallback.
  • Optional Email Features: Supports email confirmation and password reset functionalities (requires MySQL and SMTP configuration).
  • Improved Command Interface: Unified /za admin command (alias for /zyrenauthadmin), revamped /za help and /za status with clearer, aesthetic chat-box layouts, and integrated 2FA subcommands.
  • Streamlined File Management: All plugin files (config.json, accounts.json, secret.key, data/, logs/) are now organized under server_root/plugins/config/zyrenauth/ for cleaner server directories.

🚀 Supported Platforms

  • Paper: 1.21.1+ (Place in plugins/ folder)
  • Fabric: 1.21.1+ (Place in mods/ folder, requires Fabric API)

⚡ Quick Start

  1. Download ZyrenAuth (Paper or Fabric version).
  2. Place the file in your server’s plugins/ or mods/ folder.
  3. Start and stop the server once to generate the configuration file.
  4. Easily configure your config.json using our Online Config Generator!
  5. Restart the server.

⚙️ Key Configuration Options (config.json)

Location: server_root/plugins/config/zyrenauth/config.json

  • requirePasswordConfirmation, freezeUnverifiedPlayers, autoLoginPremiumPlayers: (boolean) General player experience settings.
  • captchaEnabled, captchaType, captchaMathMin, captchaMathMax, captchaItemClickAmount, captchaExpiryMinutes, maxCaptchaAttempts: (boolean, String, int) Captcha system settings.
  • minPasswordLength, requireDigit, requireLowercase, requireUppercase, requireSpecialChar: (int, boolean) Customizable password policy.
  • bcryptStrength: (int) Work factor for password hashing complexity.
  • spawnWorld, spawnYaw, spawnPitch: (String, float) World and orientation for authentication spawn points. (X, Y, Z coordinates are now dynamically set for captcha and login/register stages).
  • mysqlEnabled, mysqlHost, mysqlPort, mysqlDatabase, mysqlUser, mysqlPassword: (boolean, String) MySQL/MariaDB database connection.
  • emailFeaturesEnabled, smtpHost, smtpPort, smtpUsername, smtpPassword, smtpAuth, smtpStarttlsEnable, emailSenderAddress: (boolean, String) Email feature and SMTP server details.
  • emailConfirmationExpiryMinutes, passwordResetExpiryMinutes: (int) Token expiry durations.
  • webServerUrl: (String) Base URL for links in email verification/password reset emails.
  • maxLoginAttempts, lockoutDurationSeconds: (int, long) Failed login lockout settings (MySQL only).
  • antiAccountSharingEnabled, ipDeviceLockingEnabled: (boolean) Advanced security features (MySQL only).
  • totpIssuer: (String) Issuer name displayed in authenticator apps for 2FA.
  • msgCaptchaKick, msgCaptchaExpiredKick: (String) Customizable messages for captcha failure and expiry kicks.

For a full list of options and easy setup, use our Online Config Generator!

📜 Commands

  • /register <password> <confirm>: Register a new account.
  • /login <password>: Log in to your account.
  • /captcha <answer>: Solve the current captcha challenge.
  • /addemail <email>: Link an email to your account.
  • /emailconfirm <token>: Confirm your email.
  • /resetpassword: Initiate password reset.
  • /resetconfirm <token> <new_password> <confirm>: Complete password reset.
  • /za help: View plugin help and commands.
  • /za status: Check plugin status (OP only).
  • /za reload: Reload plugin configuration (OP only).
  • /za migrate <player>: Migrate old plaintext player data to encrypted format (OP only).
  • /za delete <player> [confirm]: Delete a player's account (OP only).
  • /za 2fa setup: Set up Two-Factor Authentication (opens GUI).
  • /za 2fa confirm <code>: Confirm 2FA setup or login.
  • /za 2fa disable <code>: Disable 2FA.
  • /za 2fa status: Check 2FA status.

🤝 Support & License