Modern authentication system for Minecraft servers with email verification, password recovery, and web integration.
AdvancedAuth treats player accounts like real platform accounts rather than simple in‑game passwords, providing a complete authentication layer for both standalone and networked Minecraft servers.
- Email verification for new registrations
- OTP password reset via email
- Session login support
- Premium (paid) account auto‑login
- REST API for external integrations
- Web dashboard for account management
- IP history & security tracking
- BungeeCord / Velocity network support
- Hybrid (premium + cracked) server compatibility
AdvancedAuth is designed as a hybrid authentication layer:
- Minecraft server authentication
- External account system
- Email identity verification
- Web/API integration layer
Accounts are internally identified by UUID for premium players and securely separated for offline‑mode accounts to prevent collisions or impersonation.
- Download the latest release
- Place
AdvancedAuth.jarinto your serverplugins/folder - Start the server once to generate config
- Configure email settings in
config.yml - Restart server
Key configuration areas:
- Email SMTP settings
- Premium detection behavior
- Session login duration
- Account security options
- Network mode (Bungee/Velocity)
Detailed docs: https://plugins.zenuxs.in/advancedAuth
AdvancedAuth exposes a REST API for:
- Account lookup
- Password reset flows
- Account linking
- External platform integration
This allows integration with:
- Websites
- Control panels
- Discord bots
- Custom launchers
- Premium accounts bound to UUID
- Offline accounts isolated
- Email‑verified identity
- OTP recovery flow
- Session tokens
- IP tracking
Designed to reduce impersonation and account takeover risks common in offline‑mode servers.
- Cracked servers needing secure auth
- Hybrid premium/cracked networks
- Servers with web dashboards
- Minecraft SaaS platforms
- Account‑linked ecosystems
Active development 230+ servers using AdvancedAuth
Roadmap highlights:
- External SSO providers
- Account linking flows
- Expanded API
- Admin web panel
# ============================================================
# ZENUXS PLUGINS
# ============================================================
# Website: https://plugins.zenuxs.in
# Developer: developer.rs (Rishabh)
# Discord: https://discord.zenuxs.in
# ============================================================
# ======================================
# AdvanceAuth Configuration
# ======================================
# -------------------------------
# License Key
# -------------------------------
license-key: "GET-FREE-FROM-DISCORD"
# -------------------------------
# API Settings
# -------------------------------
timeout: 10000 # Timeout in milliseconds
# -------------------------------
# Login Settings
# -------------------------------
login:
max-attempts: 3 # Maximum allowed failed login attempts
timeout: 300 # Timeout before retry (in seconds)
session-duration: 86400 # Session duration (in seconds) - 24 hours
enable-sessions: true # Enable session management
session-duration-hours: 24 # How long sessions last (in hours)
# -------------------------------
# Email Settings
# -------------------------------
email:
enabled: true # Enable email features
require-verification: false # Require email verification
otp-expiry-minutes: 10 # OTP expiry time in minutes
# -------------------------------
# IP Tracking Settings
# -------------------------------
ip:
tracking-enabled: true # Enable IP tracking
store-history: true # Store IP history for users
max-history-per-player: 50 # Maximum IP history entries per player
# -------------------------------
# IP Limit Settings
# -------------------------------
ip-limit:
enabled: true # Enable IP-based player limit
max-players: 3 # Maximum players per IP address
# -------------------------------
# Auth World Settings
# -------------------------------
# Players will be teleported to specific world/coordinates during auth process
# Use /auth setLoginLocation and /auth setRegisterLocation to set these locations
auth-world:
# Registration world settings
register-world: '' # World name for registration (leave empty to disable)
register-x: 0.5 # X coordinate for registration
register-y: 64.0 # Y coordinate for registration
register-z: 0.5 # Z coordinate for registration
register-yaw: 0.0 # Yaw (horizontal rotation) for registration
register-pitch: 0.0 # Pitch (vertical rotation) for registration
# Login world settings
login-world: '' # World name for login (leave empty to disable)
login-x: 0.5 # X coordinate for login
login-y: 64.0 # Y coordinate for login
login-z: 0.5 # Z coordinate for login
login-yaw: 0.0 # Yaw (horizontal rotation) for login
login-pitch: 0.0 # Pitch (vertical rotation) for login
# -------------------------------
# Protection Settings
# -------------------------------
# Prevent actions from unauthenticated players
protection:
prevent-movement: true # Prevent movement before login
prevent-block-break: true # Prevent block breaking
prevent-block-place: true # Prevent block placing
prevent-interaction: true # Prevent interaction with blocks/items
prevent-chat: true # Prevent chat messages
prevent-damage: true # Prevent taking damage
prevent-item-drop: true # Prevent dropping items
prevent-item-pickup: true # Prevent picking up items
# -------------------------------
# BungeeCord Settings
# -------------------------------
bungeecord:
block-bungee-commands: true # Block BungeeCord commands for unauthenticated players
# -------------------------------
# Premium (Mojang) Account Settings
# -------------------------------
premium:
enabled: true # Enable premium auto-login
auto-register: true # Auto-register premium players on first join
use-mojang-api: true # Check via Mojang API (requires internet)
cache-premium-status: true # Cache results to reduce API calls
cache-duration: 86400 # Cache duration in seconds (24h)
# -------------------------------
# Authentication Visual Effects
# -------------------------------
effects:
bossbar:
enabled: true
color: BLUE # BLUE, GREEN, PINK, PURPLE, RED, WHITE, YELLOW
style: SOLID # SOLID, SEGMENTED_6, SEGMENTED_10, SEGMENTED_12, SEGMENTED_20
message-login: '&bPlease login using &f/login <password>'
message-register: '&bPlease register using &f/register <password>'
message-premium: '&aAuthenticating premium account...'
title:
enabled: true
fade-in: 10
stay: 40
fade-out: 10
login-required:
title: '&cLogin Required'
subtitle: '&7Use &f/login <password>'
register-required:
title: '&6Registration Required'
subtitle: '&7Use &f/register <password>'
premium-welcome:
title: '&aWelcome &e%player%'
subtitle: '&7You have been automatically logged in'
login-success:
title: '&aLogin Successful'
subtitle: '&7Enjoy your stay!'
blindness:
enabled: true
duration-seconds: 2
amplifier: 1
# -------------------------------
# Messages
# -------------------------------
messages:
prefix: '&8[&bAuth&8] &7'
no-permission: '&cYou don''t have permission to use this command.'
not-player: '&cThis command can only be executed by players.'
already-logged-in: '&aYou are already logged in.'
not-logged-in: '&cPlease login first with /login <password>'
not-registered: '&cPlease register first with /register <password>'
welcome-back: '&e&lWelcome back %player%! &7Please use &b/login <password>'
welcome-new: '&e&lWelcome %player%! &7Please use &b/register <password>'
register-usage: '&cUsage: /register <password>'
login-usage: '&cUsage: /login <password> [--session]'
setemail-usage: '&cUsage: /setemail <email>'
resetpassword-usage: '&cUsage: /resetpassword'
verifyotp-usage: '&cUsage: /verifyotp <otp> <newpassword>'
sessions-usage: '&cUsage: /sessions'
register-success: '&a✓ Registration successful! You can now login with /login.'
login-success: '&a✓ Login successful! Welcome to the server!'
logout-success: '&a✓ You have been logged out.'
reload-success: '&a✓ Configuration reloaded successfully.'
email-set-success: '&a✓ Email set successfully! You can now reset password if needed.'
reset-password-success: '&a✓ OTP has been sent to your email!'
otp-verify-success: '&a✓ Password changed successfully! You can now login with your new password.'
session-restored: '&a✓ Session restored! Welcome back!'
session-created: '&a✓ Session created! You will stay logged in for 24 hours.'
register-error: '&c✗ Registration failed: %error%'
login-error: '&c✗ Login failed: %error%'
login-attempts: '&c⚠ You have %attempts% attempts remaining.'
login-timeout: '&c✗ You have been kicked for too many failed login attempts.'
api-error: '&c✗ Could not connect to authentication server. Please try again later.'
license-error: '&c✗ Invalid license key. Please contact an administrator.'
ip-limit-exceeded: '&c✗ Too many players are already connected from your IP address!'
email-invalid: '&c✗ Invalid email format. Please use a valid email address.'
email-set-failed: '&c✗ Failed to set email: %error%'
reset-password-failed: '&c✗ Failed to reset password: %error%'
otp-verify-failed: '&c✗ Failed to verify OTP: %error%'
otp-expired: '&c✗ OTP has expired. Please request a new one with /resetpassword.'
no-email-set: '&c✗ No email is set for your account. Please use /setemail <email> first.'
no-active-sessions: '&c✗ No active sessions found.'
session-invalid: '&c✗ Invalid or expired session.'
processing-request: '&c⚠ Please wait, your request is being processed...'
teleport-failed: '&c✗ Failed to teleport to authentication area.'
auth-area-unavailable: '&c✗ Authentication area is not available. Please contact an administrator.'
user-not-found: '&c✗ User not found. Please register first with /register.'
otp-sent: '&7OTP sent to: &f%email%'
check-email: '&7Please check your email for the OTP code.'
otp-instructions: '&7Use &b/verifyotp <otp> <newpassword> &7to reset your password.'
otp-expiry-warning: '&e⚠ OTP expires in 10 minutes.'
session-instructions: '&7Use &b/login <password> --session &7to create a 24-hour session.'
email-set-instructions: '&7You can now use /resetpassword if you forget your password.'
logged-in: '&a✓ You are logged in.'
logged-out: '&c✗ You are not logged in.'
session-active: '&a✓ Session active'
session-expired: '&c✗ Session expired'
teleport-to-auth: '&aPlease login with &b/login <password>&a to continue.'
teleport-to-register: '&aPlease register with &b/register <password>&a to continue.'
teleport-back: '&aWelcome! You have been returned to your original location.'
teleport-spawn: '&aWelcome! You have been teleported to spawn.'
legacy-player-register: '&eYou need to register with &b/register <password>&e to continue playing.'
legacy-player-note: '&7(You joined before the authentication plugin was added)'
legacy-player-exists: '&cAccount already exists. Since you''re a legacy player, please use /login with your existing password, or ask an admin to reset your account.'
auth-location-set: '&a%type% location set to your current position in world: %world%'
auth-location-cleared: '&a%type% location cleared. Players will remain in current world.'
player-marked-legacy: '&aMarked %player% as a legacy player. They can now register.'
account-reset-success: '&aSuccessfully reset account for %player%. They can now register as a legacy player.'
account-reset-failed: '&cFailed to reset account for %player%. Error: %error%'
local-registration-success: '&aEmergency local registration for %player% successful!'
custom-join-message: '&a&l+ &a%player% joined the server!'
custom-leave-message: '&c&l- &c%player% left the server!'
reset-password-no-email: '&c✗ No email is set for your account. Please use /setemail <email> first.'
reset-password-user-not-found: '&c✗ User not found. Please register first with /register.'
reset-password-api-error: '&c✗ Could not verify your account. Please try again.'
reset-password-server-error: '&c✗ Could not connect to authentication server. Please try again later.'
otp-sent-to: '&7Sent to: &f%email%'
otp-check-email: '&7Please check your email for the OTP code.'
password-changed-logout: '&e⚠ You have been logged out for security. Please login with your new password.'
login-reminder: '&7Use &b/login %password% &7to login.'
# -------------------------------
# Commands to Execute on Login
# -------------------------------
on-login:
- title %player% title {"text":"Welcome!","color":"green"}
- title %player% subtitle {"text":"Enjoy your stay!","color":"yellow"}
- playsound minecraft:entity.player.levelup player %player%
- say Welcome %player% to the server!
# -------------------------------
# Debug Settings
# -------------------------------
debug:
enabled: false # Enable debug logging
show-otp-in-console: true # Show OTP codes in console for testing (disable in production)
log-ip-changes: true # Log IP address changes
log-session-activity: true # Log session creation and validationWebsite: https://plugins.zenuxs.in/advancedAuth Spigot: https://www.spigotmc.org/resources/advanced-auth.132379/ Discord: https://discord.gg/zenuxs
Rishabh Sharma (Developer RS) Founder of Zenuxs Minecraft plugins, tools & web platforms
All rights reserved © Zenuxs