Logo generated by Google Gemini AI
AgarthaLogin is a high-performance, secure authentication system designed for modern Minecraft networks. It replaces legacy in-game commands /login with a secure, web-based authentication flow. It is the most "production-ready" auth plugin available for Velocity servers.
Important
AgarthaLogin prevents passwords from being compromised with a proper HTTPS setup, but it does not encrypt in-game connection (TCP).
- Just want encryption?
Use OfflineEncryptor with your existing auth plugin. - Want better auth UX?
Use AgarthaLogin (we recommend using it alongside OfflineEncryptor for maximum security).
Note
This project is a fork of LibreLogin, heavily modified for production use and enhanced with web capabilities.
AgarthaLogin is a Hyper-Optimized, secure authentication system.
- Static Error Pages: <1.5KB payload filters DoS attacks before they hit application logic.
- Islands Architecture: Login/Admin pages are highly optimized Islands (<50KB), loading instantly even on slow connections.
- Efficiency: Replaces legacy in-game chat authentication with a modern web flow, offloading authentication traffic entirely from the game protocol and reducing initial connection overhead by over 90%.
- Full Report: View the Benchmark
Built for scalability, security, and user experience, AgarthaLogin replaces legacy chat-based auth with a modern web flow.
Note on scalability: When running multiple instances of Velocity proxies, the plugin currently requires its own unique endpoint for each proxy. (Planned Solution: Decouple Web Stack to Statless Microservice - See Roadmap).
| Feature | Description | Benefits |
|---|---|---|
| 🚀 Zero-Impact Scalability | Offloads unauthenticated players to a lightweight "Limbo" server. | Protects backend from bot attacks; zero impact on logged-in players. |
| 🌐 Web Authentication | React + TypeScript frontend with one-time login links. | Frictionless UX, browser autofill, no sensitive commands in chat. |
| 👑 Premium Auto-Login | Automatically authenticates Mojang accounts. | No passwords needed for legitimate players; offline players protected. |
| 🔒 Modern Cryptography | Argon2ID hashing and TOTP (2FA) support. | Industry-standard security against brute force and leaks. |
| 🌐 i18n Support | Auto-detects client locale for backend and frontend. | Seamless localization for global player bases. |
| 🎮 Cross-Platform | Native support for Geyser/Floodgate (Bedrock). | Works on PC, Mobile, and Console without configuration. |
| 🛡️ Admin Panel | Web-based interface for user management. | Easy account recovery and moderation. |
- ✅ Velocity 3.x (1.21+)
- ✅ Paper (1.21+)
- ✅ Docker — production-ready compose setup
- ✅ Geyser/Floodgate — Bedrock support
- ❌ BungeeCord — not supported
Backend: Java 21, Jetty (embedded web server)
Frontend: Vite + React + TypeScript
Database: MySQL/MariaDB/PostgreSQL/SQLite
| Endpoint | Purpose |
|---|---|
/api/check-token |
Validate login token |
/api/login |
Authenticate credentials |
/api/register |
Create new account |
/api/session-auth |
Verify active session |
/api/admin/* |
Admin panel operations |
New to AgarthaLogin? Check out the Getting Started Guide.
# Build
./gradlew shadowJarFor containerized deployments, see .compose/docker-compose.yaml.
- vuxeim — Support for newest Minecraft versions
- LibreLogin creators — Original base plugin (LibreLogin).