103 lines
3.2 KiB
Markdown
103 lines
3.2 KiB
Markdown
# Introduction
|
|
Passport 1.4, or "Tweener", as it's sometimes called,
|
|
is an HTTP-based authentication system that was introduced with [MSNP8](../versions/msnp8.md).
|
|
|
|
For [MSNP12](../versions/msnp12.md) and above, read Passport 3.0.
|
|
|
|
# Nexus
|
|
The Passport Nexus is a server that provides information to other parties about how to use Passport.
|
|
|
|
It's default domain is `nexus.passport.com`.
|
|
|
|
## pprdr.asp
|
|
The Passport Redirection service returns the `PassportURLs` header, which contains the `DALogin` parameter
|
|
that is used to specify which server to attempt Passport 1.4 authentication with.
|
|
|
|
### Client/Request
|
|
```
|
|
GET /rdr/pprdr.asp HTTP/1.1
|
|
Host: nexus.passport.com
|
|
|
|
```
|
|
|
|
### Server/Response
|
|
```
|
|
HTTP/1.1 200 OK
|
|
Cache-Control: private
|
|
Content-Type: text/html
|
|
Content-Length: 0
|
|
PassportURLs: DARealm=Passport.Net,DALogin=login.passport.com/login2.srf,ConfigVersion=15
|
|
|
|
```
|
|
|
|
Where `PassportURLs` (case-sensitive) contains the following parameters:
|
|
* `DARealm`: The Domain Authority's realm name.
|
|
* `DALogin`: The Domain Authority's login endpoint.
|
|
* `ConfigVersion`: Increases by 1 every time that PassportURLs is updated to flush the URL cache.
|
|
|
|
# Passport Login
|
|
The Passport Login server is a HTTPS server that provides the login service (default is `login2.srf`)
|
|
specified in `DALogin` from the [Nexus](#nexus) response.
|
|
|
|
## login2.srf
|
|
The `login2.srf` endpoint is used for programmatic authentication.
|
|
|
|
### Client/Request
|
|
```
|
|
GET /login2.srf HTTP/1.1
|
|
Authorization: Passport1.4 Passport1.4 OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in={user-handle},pwd={password},{server-args}
|
|
User-Agent: MSMSGS
|
|
Host: login.passport.com
|
|
Connection: Keep-Alive
|
|
Cache-Control: no-cache
|
|
|
|
```
|
|
|
|
Where `user-handle` is the URL-encoded user handle of the user to authenticate.
|
|
|
|
Where `password` is the URL-encoded password of the user to authenticate.
|
|
|
|
Where `server-args` is the parameter given to the server's response to the Initial [USR](../commands/usr.md).
|
|
|
|
### Server/Response
|
|
|
|
#### Authentication Redirection
|
|
If the server you are authenticating to does not support your account type,
|
|
but knows a server that does, this is used, otherwise [Authentication Successful](#authentication-successful) is.
|
|
|
|
If you are redirected, you have to send the `Authorization` header again to the new server specified in `Location`.
|
|
|
|
```
|
|
HTTP/1.1 302 Found
|
|
Cache-Control: no-cache
|
|
cachecontrol: no-store
|
|
Connection: close
|
|
Authentication-Info: Passport1.4 da-status=redir
|
|
Location: https://loginnet.passport.com/login2.srf?lc=1033
|
|
|
|
```
|
|
|
|
#### Authentication Successful
|
|
```
|
|
HTTP/1.1 200 OK
|
|
Cache-Control: no-cache
|
|
cachecontrol: no-store
|
|
Connection: close
|
|
Content-Type: text/html
|
|
Authentication-Info: Passport1.4 dastatus=success,from-PP='t=token&p=profile',ru=http://messenger.msn.com
|
|
Content-Length: 0
|
|
|
|
```
|
|
|
|
#### Authentication Failure
|
|
The `dastatus` may instead be `failed-noretry`.
|
|
```
|
|
HTTP/1.1 Unauthorized
|
|
Cache-Control: no-cache
|
|
cachecontrol: no-store
|
|
WWW-Authenticate Passport1.4 dastatus=failed,srealm=Passport.NET,ts=-1,prompt,cburl=http://www.passportimages.com/XPPassportLogo.gif
|
|
Content-Length: 154
|
|
|
|
<HTML><HEAD><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=https://login.passport.com/pp25/login2.srf?f=11"><script>function OnBack(){}</script></HEAD></HTML>
|
|
```
|