I finally wrote a (somewhat) clean and feature-complete authentication handler that is not hacked together

lib/launcher/python/yggdrasil.py

@@ -0,0 +1,42 @@
+import json, urllib2
+
+# This allows for easier addition of new actions
+discardResponse = {
+  "validate": True,
+  "invalidate": True,
+  "signout": True,
+  "authenticate": False,
+  "refresh": False
+}
+
+# Interaction with the Mojang authentication server
+def interact(action, data):
+    if discardResponse[action]:
+        try:
+            urllib2.urlopen(urllib2.Request(url="https://authserver.mojang.com/"+action, data=json.dumps(data).encode(),headers={"Content-Type": "application/json"})).read().decode()
+            return True, {}
+        except urllib2.HTTPError:
+            return False, {}
+    else:
+        try:
+            serverResponse = json.loads(urllib2.urlopen(urllib2.Request(url="https://authserver.mojang.com/"+action, data=json.dumps(data).encode(),headers={"Content-Type": "application/json"})).read().decode())
+            return True, serverResponse
+        except urllib2.HTTPError:
+            return False, {}
+
+# Wrapper functions for interact
+def authenticateUser(logname, passwd):
+    return interact("authenticate", {'username': logname, 'password': passwd, 'agent': {'version': 1, 'name': 'Minecraft'}})
+
+def validateToken(accessToken, clientToken):
+    return interact("validate", {'accessToken': accessToken, 'clientToken': clientToken})
+
+def refreshToken(accessToken, clientToken):
+    return interact("refresh", {'accessToken': accessToken, 'clientToken': clientToken})
+
+def deauthenticateUser(logname, passwd):
+    return interact("signout", {'username': logname, 'password': passwd})
+
+def invalidateToken(accessToken, clientToken):
+    return interact("invalidate", {'accessToken': accessToken, 'clientToken': clientToken})
+