Complete Velocity authentication plugin with intelligent nickname protection, premium auto-login, and secure offline player management.
VeloAuth is a comprehensive authentication system for Velocity proxy that handles all player authorization before they reach your backend servers. It works seamlessly with PicoLimbo to provide a smooth login experience while protecting nickname ownership through intelligent conflict resolution.
- 🔒 Intelligent Nickname Protection - Premium nicknames are reserved unless already registered by cracked players
- ⚡ Premium Auto-Login - Mojang account owners skip authentication automatically
- 🛡️ Secure Offline Auth - BCrypt password hashing with brute-force protection
- 🚀 High Performance - Authorization cache with 24-hour premium status caching
- 🔄 Conflict Resolution - Smart handling of premium/cracked nickname conflicts
- 📊 Admin Tools - Complete conflict management with
/vauth conflicts - 🗄️ Multi-Database - MySQL, PostgreSQL, H2, SQLite
- 🌍 8 Languages - EN, PL, DE, FR, RU, TR, SI, FI
- 🔄 LimboAuth Compatible - 100% database compatibility (no migration needed)
- 📢 Discord Alerts - Webhook notifications for security events
- 🧵 Virtual Threads - Built on Java 21 for maximum performance
- Java 21 or newer
- Velocity proxy (API 3.4.0+)
- PicoLimbo or other limbo/lobby server
- Database: MySQL, PostgreSQL, H2, or SQLite
- Download VeloAuth from Modrinth
- Place the file in your Velocity
plugins/folder - Start Velocity - the plugin will create a
config.ymlfile - Stop Velocity and configure your database and limbo name in
plugins/VeloAuth/config.yml - Restart Velocity
Configure your velocity.toml with PicoLimbo and backend servers:
[servers]
limbo = "127.0.0.1:25566" # PicoLimbo (auth server)
lobby = "127.0.0.1:25565" # Backend server
survival = "127.0.0.1:25566" # Check port availability
try = ["lobby", "survival"] # Order matters for auth redirectImportant: The try configuration controls where authenticated players are redirected. VeloAuth automatically skips the limbo server and selects the first available backend server.
VeloAuth supports Discord notifications for security events. See Discord Setup Guide.
Supported: H2 (out-of-box), MySQL, PostgreSQL, SQLite
| Command | Description | Restrictions |
|---|---|---|
/register <password> <confirm> |
Create new account | Cannot use premium nicknames |
/login <password> |
Login to your account | Works for premium/cracked players |
/changepassword <old> <new> |
Change your password | Must be logged in |
| Command | Permission | Description |
|---|---|---|
/unregister <nickname> |
veloauth.admin |
Remove player account (resolves conflicts) |
/vauth reload |
veloauth.admin |
Reload configuration |
/vauth cache-reset [player] |
veloauth.admin |
Clear authorization cache |
/vauth stats |
veloauth.admin |
Show plugin statistics |
/vauth conflicts |
veloauth.admin |
List nickname conflicts |
- Player connects to Velocity
- VeloAuth checks authorization cache
- If not cached, player is sent to PicoLimbo
- Nickname protection activates during registration
- Player types /login or /register
- VeloAuth verifies credentials with BCrypt
- Player is redirected to backend server via
tryconfiguration
- Premium nicknames are reserved unless already registered by cracked players
- Conflict resolution when premium players use cracked-registered nicknames
- Admin tools for managing nickname conflicts
- Automatic blocking of cracked players trying premium nicknames
VeloAuth is 100% compatible with LimboAuth databases:
- Stop LimboAuth on your backend servers
- Install VeloAuth on Velocity
- Configure VeloAuth to use the same database as LimboAuth
- Start Velocity - all existing accounts will work automatically
Need help? Found a bug? Open an issue on GitHub or join our Discord server.
Contributions are welcome! Please open an issue or PR.
