AuthMe Premium documentation

Everything needed to install, trust, operate, and troubleshoot AuthMe Premium on a proxy + backend AuthMe network. This page now reflects the actual source code and backend bridge behavior.

Premium Java auto-login Floodgate / Bedrock support Bukkit backend bridge Proxy trust workflow
What this plugin does: AuthMe Premium sits on the proxy and backend auth server so premium Java players and optional Floodgate Bedrock players can bypass manual /login and /register while cracked Java players still follow your AuthMe flow.

What changed in these docs

The website now documents the backend Bukkit bridge, proxy UUID trust approval, first-proxy auto-approval on empty installs, backend Vault sync, expected log lines, current commands, and actual config keys. Placeholder/template text has been removed.

Architecture

AuthMe Premium is not just a proxy-side convenience plugin. The current supported flow has two layers:

Proxy component: Installed on BungeeCord / FlameCord or Velocity / VeloFlame. It handles premium decisions, self-service commands, premium UUID mode, storage, and bridge dispatch.
Backend Bukkit component: Installed on the backend auth server alongside AuthMeReloaded. It validates the proxy UUID, processes trusted force-actions, manages pending proxy approval, and optionally applies Vault group sync.
Network flow
Player → Proxy (AuthMe + AuthMe Premium)
       → Backend Auth Server (AuthMeReloaded + AuthMe Premium Bukkit)
       → Optional Vault group sync on the backend

Requirements

Component
Required
Notes
AuthMeReloaded
Yes
Install on the backend auth server.
AuthMe Bungee or AuthMe Velocity
Yes
Install the matching proxy-side AuthMe integration.
AuthMe Premium
Yes
Install on the proxy.
AuthMe Premium Bukkit
Yes
Install on the backend auth server to skip backend login/register and handle proxy trust.
Vault
Optional
Needed only for cracked/premium group synchronization on the backend.
Floodgate
Optional
Needed only if you want Bedrock auto-login support.
Storage
One
Choose YAML, MySQL, or Memory.
Version note: these docs describe current product behavior and config keys, but they intentionally do not promise a specific Minecraft version matrix unless you publish and verify that matrix separately in release notes.

Installation

Install the network in this order. The missing step in the old docs was the backend Bukkit bridge.

1

Backend auth server

Install AuthMeReloaded and AuthMe Premium Bukkit on the backend auth server.

2

Proxy auth integration

Install AuthMe Bungee or AuthMe Velocity on the proxy, depending on your platform.

3

Proxy plugin

Install AuthMe Premium on the proxy and configure storage, self-service commands, and optional integrations.

4

Optional integrations

Enable Floodgate for Bedrock support and Vault on the backend if you want group synchronization.

5

First boot verification

Start the network, verify the trust files are created, and test one premium join from the owner/admin account before opening to production.

Proxy plugins directory
proxy/plugins/
├─ AuthMeBungee.jar OR AuthMeVelocity.jar
├─ AuthMePremium.jar
└─ Floodgate.jar (optional)
Backend auth server plugins directory
auth-server/plugins/
├─ AuthMeReloaded.jar
├─ AuthMePremiumBukkit.jar
└─ Vault.jar (optional)

First-run trust expectation

On a clean backend install, allowed-proxies.txt starts empty. The first proxy UUID is auto-approved automatically for easy first setup. Later unknown proxy UUIDs go to pending-proxies.txt until reviewed manually.

Configuration

The site now documents the actual config keys shipped in the source.

Proxy config.yml

providerChoose YAML, MYSQL, or MEMORY.
command-blacklist.serversServers where /premium, /cracked, and /premiumuuid are blocked.
lobbies.servers
lobbies.mode
lobbies.max-players
premium-command.confirm
premium-command.confirm-timeout-seconds
premium-command.kick-after-confirm
self-service-commands.require-permission
auto-premium
authme-mysql-hook.*
always-offline
floodgate
bedrock-prefix
mysql.*
Bundled proxy config excerpt
provider: YAML

command-blacklist:
  servers:
    - "auth"
    - "auth-server"

lobbies:
  servers:
    - "lobby"
    - "lobby1"
  mode: "FIRST_FILL"
  max-players: 100

premium-command:
  confirm: true
  confirm-timeout-seconds: 15
  kick-after-confirm: true

self-service-commands:
  require-permission: false

auto-premium: true

authme-mysql-hook:
  enabled: false
  host: localhost
  port: 3306
  database: authme
  username: root
  password: password
  table: authme
  username-column: username

always-offline: false
floodgate: true
bedrock-prefix: "*"

mysql:
  host: localhost
  port: 3306
  database: authme_premium
  username: root
  password: password

Bukkit config.yml

vault.enabledTurns backend Vault synchronization on or off.
vault.cracked.vault-group-add
vault.cracked.vault-group-remove
vault.premium.vault-group-add
vault.premium.vault-group-remove
Bundled backend Bukkit config excerpt
vault:
  enabled: false
  cracked:
    vault-group-add:
      - cracked
    vault-group-remove:
      - premium
  premium:
    vault-group-add:
      - premium
    vault-group-remove:
      - cracked

Commands

Player self-service commands

/premium alias: /prem

Enable premium mode for your own account. If premium-command.confirm is enabled, the player must confirm within premium-command.confirm-timeout-seconds. If premium-command.kick-after-confirm is enabled, the player is disconnected so they can rejoin under the premium verification path.

/cracked alias: /crack

Disable premium mode for your own account and sync cracked state to the backend when the bridge is present.

/premiumuuid

Toggle premium UUID behavior for your own account.

Proxy admin commands

/authmepremium setpremium <player> <true|false>

Set premium mode for a target player in storage.

/authmepremium check <player>

Check whether a player is stored as premium.

/authmepremium clear [player]

Clear all stored data or one player’s data.

/authmepremium setpremiumuuid <player> <true|false>

Set premium UUID mode for a target player.

/authmepremium reload

Reload proxy configuration and messages.

Backend Bukkit admin commands

/authmepremium pendingproxies

List proxy UUIDs currently waiting for review.

/authmepremium approveproxy <uuid>

Move a pending proxy UUID into the approved allow-list.

/authmepremium rejectproxy <uuid>

Remove a pending proxy UUID from review without trusting it.

Permissions

Permission
Where
Description
authmepremium.usage
Proxy
Allows proxy admin commands such as setpremium, check, clear, setpremiumuuid, and reload.
authmepremium.admin
Backend Bukkit
Allows backend admins to review, approve, and reject proxy UUID trust entries.
authmepremium.premium
Proxy
Required for /premium only when self-service-commands.require-permission=true.
authmepremium.cracked
Proxy
Required for /cracked only when self-service-commands.require-permission=true.
authmepremium.premiumuuid
Proxy
Required for /premiumuuid only when self-service-commands.require-permission=true.

Proxy Trust

The backend bridge is protected by proxy UUID trust. This section is new because the feature itself is now central to deployment.

allowed-proxies.txt: approved proxy UUIDs that may send backend force-actions.
pending-proxies.txt: unknown proxy UUIDs that were seen but are not yet trusted.
First install behavior: if the approved list is empty, the first proxy UUID is auto-approved to simplify initial setup.
Later behavior: additional unknown proxy UUIDs are rejected and written to the pending file until manually reviewed.
Operational recommendation: test the first join yourself or from an admin account right after install, then review the trust files and keep them under normal backup/change control like the rest of your auth infrastructure.
Backend review commands
/authmepremium pendingproxies
/authmepremium approveproxy <uuid>
/authmepremium rejectproxy <uuid>

Storage Providers

YAML

Flat-file storage. Best for small servers or simple single-proxy setups.

MySQL

Persistent relational storage. Best for larger or multi-instance networks.

Memory

Fast testing mode. Data is cleared on restart.

Floodgate / Bedrock

Bedrock support is optional. When your proxy path uses Floodgate and the plugin configuration has floodgate: true, Bedrock players can follow the Bedrock auto-auth path instead of the normal Java premium detection path. Use bedrock-prefix only when your proxy/player naming strategy needs it.

Vault / Group Sync

Vault integration is optional and only exists on the backend Bukkit component.

When premium completion succeeds, groups in vault.premium.vault-group-add can be added and groups in vault.premium.vault-group-remove can be removed.
When cracked state is synced, groups in vault.cracked.vault-group-add can be added and groups in vault.cracked.vault-group-remove can be removed.
If vault.enabled: false, no group changes are attempted.

Expected Logs

These are the support-critical backend log lines that help diagnose setup and auth flow issues.

Backend log examples
[AuthMePremiumBukkit] Auto-approved first proxy UUID <uuid> because allowed-proxies.txt was empty.
[AuthMePremiumBukkit] Received trusted backend force action from proxy UUID <uuid>: requestId=<id>, action=COMPLETE_PREMIUM_LOGIN, username=<name>, registrationRequired=<true|false>
[AuthMePremiumBukkit] Queued AuthMe proxy auto-login session for premium user <name>
[AuthMePremiumBukkit] Prepared AuthMe premium account before join completion for <name>: requestId=<id>, registered=<true|false>
[AuthMePremiumBukkit] AuthMe has not authenticated <name> yet; running quiet forceLogin fallback for requestId=<id>
[AuthMePremiumBukkit] AuthMe backend premium completion succeeded for <name>: requestId=<id>, source=authme-authenticated
[AuthMePremiumBukkit] Sending backend force action result: requestId=<id>, action=COMPLETE_PREMIUM_LOGIN, username=<name>, success=true
[AuthMePremiumBukkit] Timed out waiting for AuthMe premium auto-login for <name>: requestId=<id>

Troubleshooting

Premium player still sees /login

Check whether the backend log ever shows Received trusted backend force action. If not, the proxy message is not reaching the backend path. Confirm the Bukkit bridge is installed and the player is actually reaching the auth server.

Premium player still sees /register

Check for backend logs showing account pre-registration and completion timing. If the player is new and the backend never reports success, inspect AuthMe + backend bridge logs together.

No backend force-action logs appear

Confirm AuthMe Premium Bukkit is installed, the backend channel is registered, and the proxy component is the version that actually dispatches bridge actions for premium completion.

Proxy UUID is pending or rejected

Run /authmepremium pendingproxies on the backend and approve or reject the UUID. On first install, the first proxy should auto-approve when the allow-list is empty.

Vault groups are not changing

Verify vault.enabled: true on the backend, confirm Vault is installed, and check whether the premium/cracked completion log actually reached success before expecting group changes.

Self-service commands do nothing

Check command-blacklist.servers for the current server name and verify whether self-service-commands.require-permission is forcing permission checks.

Floodgate / Bedrock is not auto-authenticating

Confirm Floodgate is installed on the proxy path, floodgate: true is enabled in the proxy config, and Bedrock traffic is actually reaching the supported proxy integration.

FAQ

Check for the backend force-action logs first. If the backend never receives the trusted action, the issue is upstream. If it does receive it, compare the follow-up completion logs and AuthMe logs together.

allowed-proxies.txt stores approved proxy UUIDs and pending-proxies.txt stores unknown UUIDs waiting for manual review. On a clean install, the first proxy UUID is auto-approved when the allow-list is empty.

Yes, optionally. Floodgate support is controlled by the proxy configuration and your proxy setup.

Changelog

2.0.0 docs refresh
  • Documented the backend Bukkit bridge and backend trust flow.
  • Added allowed-proxies.txt and pending-proxies.txt docs.
  • Documented backend commands for pending proxy review, approval, and rejection.
  • Documented first-proxy auto-approval when the allow-list is empty.
  • Added expected backend logs and troubleshooting sections.
  • Added Vault group sync and Floodgate / Bedrock reference docs.
  • Rebuilt homepage and docs page copy for current features, commands, and SEO.

Download

Use the BuiltByBit resource page for the current public release and marketplace updates.

Download AuthMe Premium on BuiltByBit Back to homepage