I have opened a support discord, join now! https://discord.gg/uHm8EbfCFr
AlwaysAuth is a fallback authentication solution for Minecraft servers that ensures your players can log in even if Mojang's authentication servers experience downtime. Unlike traditional offline-mode workarounds, AlwaysAuth keeps your server in online mode while providing a seamless failover mechanism to a local authentication system.
AlwaysAuth operates by inserting a local authentication server between your Minecraft server and Mojang’s official authentication servers:
- When a player tries to log in, AlwaysAuth first sends the authentication request to Mojang.
- If Mojang is online and responds, the request passes back to your server normally.
- If Mojang is offline, AlwaysAuth uses its local fallback system to verify the user.
This approach ensures:
- Instant failover: No waiting for periodic checks. Even short outages are handled seamlessly.
- Online mode stays enabled: You never have to switch your server to offline mode.
- Reliable authentication during extended downtime: Long outages are handled just as smoothly.
| Feature | AlwaysAuth | AlwaysOnline |
|---|---|---|
| Spigot Support | ✅ | ✅ |
| Paper Support | ✅ | ✅ |
| BungeeCord Support | ❌* | ✅ |
| Velocity Support | ✅ | ✅ |
| Sponge Support | ❌** | ✅ |
| Fabric Support | ✅ | ❌ |
| NeoForge Support | ✅ | ❌ |
| Instant Failover | ✅ | ❌ |
| Online Mode Stays Enabled | ✅ | ❌ |
| Remote Database Support | ✅ | ✅ |
| Records Metrics | ❌ | ✅ |
| Multiple Security Modes | ✅ | ❌ |
| IP-Based Validation | ✅ | ✅ |
*There is no possible way to set a custom session server on bungeecord, nor ever will according to md_5, see here. I will be creating a work around that involves many extra steps, however I recommend switching to Velocity or using the Standalone jar
**Sponge support is planned to be added later, I am just unfamiliar with the SpongeAPI
- Keep Online Mode Active: No need to compromise security for downtime.
- Supports Multiple Platforms: Works with Spigot, Paper, BungeeCord, Velocity, Fabric, and NeoForge.
- Flexible Authentication: Choose from multiple security modes and fallback methods.
- Reliable: Handles both short blips and extended Mojang outages effortlessly.
- Download the AlwaysAuth plugin for your server platform.
- Place the plugin in your server’s
plugins(or equivalent) folder. - Restart your server.
- Configure AlwaysAuth in the config file to enable features like local authentication, remote database support, or IP-based validation.
Give yourself the permission alwaysauth.admin to access the commands
AlwaysAuth provides a flexible configuration file where you can:
- Enable or disable specific fallback methods.
- Set up remote databases for cross-server authentication.
- Choose between different security modes.
###################################
# #
# Always Auth Configuration #
# #
###################################
# Whether or not there should be debug message
# This won't work on the standalone jar
debug=false
# Check for updates and notify staff (and console) on join who have the permission alwaysauth.admin
check-updates=true
# The ip for the session server
# If set anything other than 127.0.0.1 or 0.0.0.0 (allows public access), it will treat as external server
# An external server means only port needs to be set (to match that external server) and it will use that to authenticate.
# Please note as of right now you will not see console logs on the server if you are using an external server
ip-address=127.0.0.1
# Port for the session server
port=8765
###########################
# Security Settings #
###########################
# Enable HMAC-SHA256 signature verification for authorized servers
# Currently DISABLED by default due to Minecraft URL handling limitations
# Use firewall rules or localhost restriction for access control instead
# Database encryption works regardless of this setting
authentication-enabled=true
# Secret key for database encryption (auto-generated)
# KEEP THIS SECRET! Used to encrypt IP addresses and profile data in database
# If deleted database will need to also be reset!
# To regenerate, delete this line and restart the server
secret-key=GENERATED ON STARTUP
###########################
# Fallback Settings #
###########################
# Enable session fallback when Mojang servers are down
fallback-enabled=true
# Maximum hours a player can stay offline before requiring re-authentication (0 = always require)
max-offline-hours=72
# Days before old session data is cleaned up
cleanup-days=30
# Security level: 'basic' (always verify) or 'medium' (use max-offline-hours)
security-level=basic
# Upstream Session Server URL
# Default is Mojang's official one but this option is here to work with things like minehut's external servers
upstream-server=https://sessionserver.mojang.com
###########################
# Database Settings #
###########################
# Database type: h2, mysql, or mariadb
database.type=h2
# Database host (not used for H2)
database.host=localhost
# Database port (not used for H2)
database.port=3306
# Database name
database.name=minecraft
# Database username (not used for H2)
database.username=root
# Database password (not used for H2)
database.password=