Using only the currently logged in nodebb user and minecraft player.

Two routes needed:

Server-only route: POST route. Requires a unique key parameter. Only the forum and the minecraft server know the key. e.g. /mc/link?key=key User route: GET route. Used to link accounts, requires a UUID and a unique player key. e.g. /mc/link/:uuid/:key

Minimum two DB keys need:

{uuid}:key String key, stores the unique player key for the UUID. (Could also be a hash to store additional data.) user:{uid}:uuid String key, stores the UUID linked to the user. (Could also be stored on the user hash, or made into a set for multiple linkings.) Process: Minecraft player types a command. Server users server-only route to tell the forum it needs a registration link. Sending the unique key to verify the request is valid. Forum creates a unique player key and stores it in the DB, then sends the player key to the server. Server gives a link to the player, using the unique player key and the players' UUID. User visits link, if the user is logged in, and the uuid-key pair matches what is already in the DB, then the accounts are linked, using additional DB entries. The player key is deleted. Concerns: The player key should expire relatively quickly, like 5 minutes. Invalid requests to the user route should be monitored and blocked after a low threshold, like 3 tries. NodeBB middleware already validates the logged in user, which is why we do no additional checks. Note:

On the last line in the diagram, I send a confirmation message, but we can't actually do this because we have not established a persistent connection. You could solve this by either having an http server on the server, or creating a socket connection to the forum.

Or you could use Minecraft-Integration 😉