Update authentication function

[PretendingToCode]

Although the current authentication method in place for this library returns a session, it is a game session. Tokens generated from this type of authentication cannot be used with the online API. Instead, use the following format:

https://authserver.mojang.com/authenticate
POST
Header: Content-Type: application/json
Body:
{
"captcha":"string: captcha key",
"captchaSupported":"InvisibleReCAPTCHA",
"password":"user password",
"requestUser":true,
"username":"user email"
}

Where 'captcha' is an invisible ReCAPTCHA key. Assets and POST request data can be found on the minecraft.net login page using the Chrome debugger.

[astra137]

I am fairly confident that this cannot be done in the context of Node.js, since ReCAPTCHA is designed to work in a browser with a human present.

In my experiments, it is possible to get a website session to work without the captcha, by first making a call to the user/security/location endpoint, then authenticating without specifying an agent. It only sometimes worked. I might do more research to see if I can find a reliable way to access the private user APIs.

[PretendingToCode]

That's interesting, works exactly as you described it. After a few uses the token becomes invalid, but I noticed that sending a request to that endpoint again will "refresh" the token and make it work for a short amount of time.