Advertisement
riking

Untitled

Jun 5th, 2014
823
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.96 KB | None | 0 0
  1. =====
  2. ===== This is a working proposal draft and is subject to change.
  3. =====
  4.  
  5. Endpoint: https://sessionserver.mojang.com/session/minecraft/npc/{uuid}?name={name}&texture={texid}
  6.  
  7. Validations:
  8. - uuid is a Type 2 UUID (java.util.UUID#getVersion())
  9. - name does NOT match ^[a-zA-Z0-9_]{2,16}$ (valid username regex)
  10. - texid is 64 hexdigits
  11.  
  12. Returns:
  13. Profile with the provided uuid and name, and this 'textures' Property, signed:
  14. {"timestamp":-1,"profileId":"{uuid}","profileName":"{name}","isStatic":true,"textures":{"SKIN":{"url":"http://textures.minecraft.net/texture/{texid}"}}}
  15.  
  16. -----
  17.  
  18. Client behavior:
  19. These validations should always be made:
  20. - signature matches value
  21. - profileId matches entity Id
  22. - profileName matches player name
  23. Upon seeing a GameProfile from the server, when a 'secure' profile is required (player skins, as opposed to skull textures), the following validations should be made:
  24. - Profile does not define isPublic to be true
  25. - If profile defines isStatic to be true:
  26. - uuid is a Type 2 UUID (java.util.UUID#getVersion())
  27. - player name does NOT match ^[a-zA-Z0-9_]{2,16}$ (valid username regex)
  28. - Otherwise:
  29. - The skin blob is no more than 1 week old
  30.  
  31. -----
  32.  
  33. Notes:
  34. Type 2 UUIDs must be made with the UUID(long, long) constructor. I expect server implementations to provide a helper method to generate these.
  35. Type 2 UUIDs are currently defined as 'DCE Security' UUIDs, but I believe it is safe to repurpose them in this way. They're barely mentioned in RFC 4122, and the RFC does not include details on how to make them.
  36. I sincerely hope nobody stays on a server for a whole week. As we already saw, people will stay on them for a whole day.
  37. Servers and server plugins SHOULD cache the results of this request, with an expiration date of the next Minecraft or plugin version.
  38. Servers and server plugins SHOULD make all necessary requests to this endpoint on their first run, if feasible, or as soon as they know it is needed.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement