Protocol
This page provides technical details about the packet formats introduced by Decentralized Auth. The format is heavily inspired by wiki.vg's Protocol document.
Handshaking
See wiki.vg's Handshaking protocol document.
Decentralized Auth reuses the same packet but sets Next State to a value of 69 to indicate a transfer to the Decentralized Auth flow.
Decentralized Auth
The Decentralized Auth login process is as follows:
- C→S: Handshake with Next State set to 69 (Decentralized Auth)
- C→S: Decentralized Auth Start
- S→C: Encryption Request
- C→S: Encryption Response
- Client and server enable encryption
- S→C: Auth Challenge
- C→S: Auth Proof
- Server enforces banlist/whitelist by IP and UUID
- S→C: Profile Request
- C→S: Profile Response
- Server runs login hook based on the requested profile
- S→C: Set Compression (optional)
- S→C: Decentralized Auth Success
Clientbound
Disconnect
Packet ID
State
Bound To
Field Name
Field Type
Notes
0x00
Decentralized Auth
Client
Reason
Chat
The reason why the player was disconnected
Encryption Request
Packet ID
State
Bound To
Field Name
Field Type
Notes
Public Key Length
VarInt
Length of Public Key
0x01
Decentralized Auth
Client
Public Key
Byte Array
Server's ephemeral X25519 public key, in bytes
Auth Challenge
Packet ID
State
Bound To
Field Name
Field Type
Notes
Identity Public Key Length
VarInt
Length of Identity Public Key
Identity Public Key
Byte Array
Server's Ed25519 Identity Public key, in bytes
Length of signed shared secret
VarInt
Length of the signed shared secret
0x02
Decentralized Auth
Client
Signed shared secret
Byte Array
Shared secret signed by the identity Ed25519 key
Profile Request
Packet ID
State
Bound To
Field Name
Field Type
Notes
Has Profile Data
Boolean
Whether or not the remaining fields are present
UUID
UUID
Username
String (16)
Number of Properties
VarInt
Number of elements in the following array
Name
String(32767)
Value
String(32767)
Is Signed
Boolean
Generally false for Decentralized Auth
0x03
Decentralized Auth
Client
Property
Signature
Array
Optional String(32767)
Only if Is Signed is true
Compression Request
This is the same as the vanilla Compression Request packet. The Packet ID is 0x04.
Login Success
Packet ID
State
Bound To
Field Name
Field Type
Notes
UUID
UUID
Username
String (16)
Number of Properties
VarInt
Number of elements in the following array
Name
String(32767)
Value
String(32767)
Is Signed
Boolean
Generally false for Decentralized Auth
0x05
Decentralized Auth
Client
Property
Signature
Array
Optional String(32767)
Only if Is Signed is true
Serverbound
Decentralized Auth start
Packet ID
State
Bound To
Field Name
Field Type
Notes
0x00
Decentralized Auth
Server
(empty packet)
Encryption Response
Packet ID
State
Bound To
Field Name
Field Type
Notes
Public Key Length
VarInt
Length of Public Key
0x01
Decentralized Auth
Server
Public Key
Byte Array
Client's ephemeral X25519 public key, in bytes
Auth Proof
Packet ID
State
Bound To
Field Name
Field Type
Notes
Identity Public Key Length
VarInt
Length of Identity Public Key
Identity Public Key
Byte Array
Server's Ed25519 Identity Public key, in bytes
Length of signed shared secret
VarInt
Length of the signed shared secret
0x02
Decentralized Auth
Server
Signed shared secret
Byte Array
Shared secret signed by the identity Ed25519 key
Profile Response
Packet ID
State
Bound To
Field Name
Field Type
Notes
UUID
UUID
Username
String (16)
Number of Properties
VarInt
Number of elements in the following array
Name
String(32767)
Value
String(32767)
Is Signed
Boolean
Generally false for Decentralized Auth
Property
Signature
Array
Optional String(32767)
Only if Is Signed is true
Number of Textures
VarInt
Number of elements in the following array
Type
String(32767)
Only "SKIN" and "CAPE" are valid
0x03
Decentralized Auth
Server
Property
Value
Array
Byte Array(16384)
PNG data matching any texture SHA256 hashes requested
Play
Note that the Play packets for Decentralized Auth are implemented as plugin messages.
Clientbound
Texture Response
Plugin Channel
State
Bound To
Field Name
Field Type
Notes
SHA256 Length
VarInt
Length of SHA256 hash
decentralizedauth:textures
Play
Client
SHA256
Byte Array
SHA256 hash in bytes
Serverbound
Texture Request
Plugin Channel
State
Bound To
Field Name
Field Type
Notes
Texture Data Length
VarInt
Length of Texture Data
decentralizedauth:textures
Play
Server
Texture Data
Byte Array
Texture Data in bytes