yellows111
/
msnp-wiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
msnp-wiki/docs/services/passport14.md

3.2 KiB
Raw Blame History

Introduction

Passport 1.4, or "Tweener", as it's sometimes called, is an HTTP-based authentication system that was introduced with MSNP8.

For MSNP12 and above, read Passport 3.0.

Nexus

The Passport Nexus is a server that provides information to other parties about how to use Passport.

It's default domain is nexus.passport.com.

pprdr.asp

The Passport Redirection service returns the PassportURLs header, which contains the DALogin parameter that is used to specify which server to attempt Passport 1.4 authentication with.

Client/Request

GET /rdr/pprdr.asp HTTP/1.1
Host: nexus.passport.com

Server/Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Content-Length: 0
PassportURLs: DARealm=Passport.Net,DALogin=login.passport.com/login2.srf,ConfigVersion=15

Where PassportURLs (case-sensitive) contains the following parameters:

  • DARealm: The Domain Authority's realm name.
  • DALogin: The Domain Authority's login endpoint.
  • ConfigVersion: Increases by 1 every time that PassportURLs is updated to flush the URL cache.

Passport Login

The Passport Login server is a HTTPS server that provides the login service (default is login2.srf) specified in DALogin from the Nexus response.

login2.srf

The login2.srf endpoint is used for programmatic authentication.

Client/Request

GET /login2.srf HTTP/1.1
Authorization: Passport1.4 Passport1.4 OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in={user-handle},pwd={password},{server-args}
User-Agent: MSMSGS
Host: login.passport.com
Connection: Keep-Alive
Cache-Control: no-cache

Where user-handle is the URL-encoded user handle of the user to authenticate.

Where password is the URL-encoded password of the user to authenticate.

Where server-args is the parameter given to the server's response to the Initial USR.

Server/Response

Authentication Redirection

If the server you are authenticating to does not support your account type, but knows a server that does, this is used, otherwise Authentication Successful is.

If you are redirected, you have to send the Authorization header again to the new server specified in Location.

HTTP/1.1 302 Found
Cache-Control: no-cache
cachecontrol: no-store
Connection: close
Authentication-Info: Passport1.4 da-status=redir
Location: https://loginnet.passport.com/login2.srf?lc=1033

Authentication Successful

HTTP/1.1 200 OK
Cache-Control: no-cache
cachecontrol: no-store
Connection: close
Content-Type: text/html
Authentication-Info: Passport1.4 dastatus=success,from-PP='t=token&p=profile',ru=http://messenger.msn.com
Content-Length: 0

Authentication Failure

The dastatus may instead be failed-noretry.

HTTP/1.1 Unauthorized
Cache-Control: no-cache
cachecontrol: no-store
WWW-Authenticate Passport1.4 dastatus=failed,srealm=Passport.NET,ts=-1,prompt,cburl=http://www.passportimages.com/XPPassportLogo.gif
Content-Length: 154

<HTML><HEAD><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=https://login.passport.com/pp25/login2.srf?f=11"><script>function OnBack(){}</script></HEAD></HTML>