What is SideGate?
SideGate is a Bukkit-compatible plugin (Spigot/Paper/Purpur) for servers that want to stay in online-mode=true but still allow selected non-premium players.

Premium players continue normal Mojang authentication, while approved guest players are handled by SideGate guest flow.

When Floodgate or Geyser-Spigot is installed, detected Bedrock players remain on the Bedrock authentication path and are not treated as SideGate guests.

Links

• GitHub: https://github.com/TamKungZ/SideGate
• Documentation: https://dev.tamkungz.me/documentation/sidegate/
• CurseForge: https://www.curseforge.com/minecraft/bukkit-plugins/sidegate
• SpigotMC: https://www.spigotmc.org/resources/sidegate-1-20-x-1-21-x-bukkit.131104/

Why use it?

• Keep premium security path for normal players.
• Avoid fully switching the whole server to offline mode.
• Control exactly who can join as guest.
• Apply clear guest restrictions and visual labels.

Core Features (Current)

• Hybrid Login Flow: Premium users go through standard server authentication; guest candidates use SideGate injection flow.
• Manual Premium Override: premium-usernames always stay in premium path.
• Premium Session Failure Policy: Compare the login UUID with Mojang before encryption, then show a custom name-conflict message or continue as Guest.
• Guest Admission Policy: Use allow-all-guests or allowed-guests.
• Optional Auto-Detect: Mojang API lookup with internal cache (auto-detect-premium).
• Floodgate/Geyser Support: Automatically bypass guest classification for detected Bedrock players when either Bukkit plugin is installed.
• Fail-Closed Authentication: Mojang API failures leave players on normal online-mode authentication instead of granting guest access.
• Guest Handling: Add guest tag, set gamemode, send title/subtitle/messages.
• Guest Chat Prefix: Prefix applies to players with guest tag only.
• Runtime Reload: /sidegate reload.
• Public API: Addon plugins can integrate via SideGate API service.

Installation
Required dependency: https://www.spigotmc.org/resources/protocollib.1997/

1. Install ProtocolLib (5.x+).
2. Optionally install Floodgate and/or Geyser-Spigot for automatic Bedrock detection.
3. Put SideGate .jar in /plugins.
4. Set online-mode=true in server.properties.
5. Start/restart server.

Configuration Example
Requirements

• Java: 17+
• Server: Spigot / Paper / Purpur (Bukkit-compatible)
• Dependency: ProtocolLib 5.x+ (https://www.spigotmc.org/resources/protocollib.1997/)
• Optional integrations: Floodgate, Geyser-Spigot

Bug Reports
Report issues at:
https://github.com/TamKungZ/SideGate/issues

Please include:

• Server software + exact version
• Java version
• ProtocolLib version
• SideGate version
• Relevant startup/login logs

Project Status & License
Closed Source

• Normal server usage is allowed.
• Separate addon plugins using SideGate public API are allowed.
• Modification/redistribution/repackaging of SideGate is not allowed without permission.
• Commercial use or monetization requires prior permission by email: [email protected]

Public reference snapshot:
https://github.com/TamKungZ/SideGate ( sidegate-1.0.0-rc.1)

Security Notice
Guest/offline access has impersonation risk. For production servers, use an authentication plugin and strict permission setup.

If Mojang profile lookup is unavailable, SideGate does not assume the player is a guest. The server's normal online-mode authentication remains responsible for the login.

FALLBACK_TO_GUEST is a high-risk server-wide policy. It allows cracked clients to use Premium-registered usernames with Guest/offline UUIDs. Use an authentication plugin and UUID-based permissions.

The Premium session failure policy requires auto-detect-premium=true.

A client that deliberately spoofs the exact official UUID remains on normal online-mode authentication and cannot bypass Mojang session verification.