Skip to content

feat: optional login_token boot (token-based launcher login)#50

Closed
Shuu-37 wants to merge 1 commit into
LandSandBoat:mainfrom
phoenixffxi:feat/launch-token-upstream
Closed

feat: optional login_token boot (token-based launcher login)#50
Shuu-37 wants to merge 1 commit into
LandSandBoat:mainfrom
phoenixffxi:feat/launch-token-upstream

Conversation

@Shuu-37

@Shuu-37 Shuu-37 commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

Summary

Client-side counterpart to a server change: parse an optional login_token from the --json config and send it in the 0x10 login JSON, so a launcher can boot the game with a single-use, short-TTL token minted by an external auth service instead of a stored password. This supports launchers built around OAuth/SSO sign-in (e.g. "Login with Discord") where there is an authenticated app session but no game password.

Companion server PR: LandSandBoat/server#10421 (adds the login_token rail to xi_connect's LOGIN_ATTEMPT + the accounts_login_tokens table). This client change is harmless without it (the server simply ignores an unknown JSON field).

Changes

  • New global g_LoginToken, populated from jsonGet(jsonData, "login_token") in the --json parse block.
  • A username + login_token (no password) now enables autologin, alongside the existing username+password case.
  • In the 0x10 login JSON, send login_token when present (next to the existing trust_token / trust_this_computer fields). Password may be empty on this path.
  • Handle the new server result LOGIN_ERROR_LAUNCH_TOKEN_INVALID = 0x14 with a "session expired, log in again from the launcher" message and clear the token.

Backward compatibility

login_token is optional. When absent, the existing username/password and trust-token paths are completely unchanged. No protocol version bump.

Notes for reviewers

  • We run this on our fork (Phoenix); opening upstream so it can live in main rather than only downstream.

Parse an optional login_token from the --json config and send it in the 0x10
login JSON. When present it stands in for password + OTP (password may be empty),
and a username + token (no password) enables autologin. Handle the new
LOGIN_ERROR_LAUNCH_TOKEN_INVALID (0x14) result with a 'session expired' message.

Backward compatible: login_token is optional; the existing password/trust-token
path is unchanged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant