In this article:
⤷ How It Works
⤷ What We Access
⤷ Managing Access
How It Works
Mythrend uses Microsoft's OAuth system to sign you in, the same secure process used by Minecraft itself and countless other apps. When you sign in, Microsoft asks you to log in directly on their own site, then sends Mythrend a set of tokens confirming who you are.
We never see or store your Microsoft password. At no point does that information pass through Mythrend's servers, it stays entirely between you and Microsoft.
What We Access
The tokens Microsoft provides let Mythrend do a few specific things:
Verify Your Xbox Live Profile
Used to confirm your account is in good standing and retrieve your associated Minecraft license and profile.
Read Your Basic Profile
Used to display your username and link your Mythrend account to the correct Minecraft identity.
Maintain Access
Allows Mythrend to keep you signed in and refresh your session without asking you to log in again every time. This doesn't give us any additional permissions beyond what's listed above.
Managing Access
You're always in control of what Mythrend can access. You can review exactly which permissions you've granted, and revoke them at any time, from Microsoft's App Access page.
Revoking access will sign you out of Mythrend and require you to reauthorize the next time you log in.
Want to add an extra layer of security on top of this? See Setting Up Two-Factor Authentication.