Vouch

Secure server-side authentication for Minecraft 1.21.1. Players register, log in, and optionally enable 2FA — all handled server-side. No client mod needed.

Features

• Argon2id password hashing — async, zero TPS impact
• TOTP 2FA — RFC 6238 compliant with in-game QR codes (Google Authenticator, Authy, Aegis, etc.)
• Session persistence — players stay authenticated across reconnects (UUID + IP bound)
• Pre-auth isolation — unauthenticated players are fully frozen, hidden, and restricted
• Rate limiting — progressive lockout against brute-force attacks
• Multi-database — H2 (default), SQLite, MySQL, PostgreSQL with HikariCP connection pooling
• Multi-language — en_us and es_mx included, fully customizable
• Rich UX — titles, BossBar countdown, ActionBar messages, configurable sounds

How it works

1. Player joins → enters pre-auth jail (invisible, frozen, isolated)
2. /register <password> <password> to create an account
3. /login <password> on each subsequent join
4. /2fa setup to enable TOTP — scans a QR code map in-game
5. Session tokens persist so players skip login on quick reconnects

Requirements

• Minecraft 1.21.1
• Java 21+
• Fabric (≥0.15.11) + Fabric API or NeoForge (≥21.1)
• Architectury API

Configuration

Everything is in vouch.toml — passwords, database, sessions, UI, rate limits, and more. Environment variables are supported for sensitive values like database credentials.

Full documentation: https://vouch.nozz.skin

Permissions

Works with LuckPerms and any permission system compatible with Fabric Permissions API or NeoForge's built-in permission system.

Server-side only

Vouch runs entirely on the server. Players don't need to install anything on their client.