msnp-wiki/docs/services/passport14.md
yellows111 4bf934f857
[v0.1.4-beta.2] everything i want before msnp13
update version file, forgot this repo had one
fix mistakes and other such
add new information
finish passport (SOAP) stuff, may rename to RST later?, just mention in footnote for now

next commit WILL be msnp13 on 0.1.4 release, promise
2024-11-26 21:15:34 +00:00

3.2 KiB

Introduction

Passport 1.4, or "Tweener", as it's sometimes called, is an HTTP-based authentication system that was introduced with MSNP8.

For MSNP12 and above, read the Passport (SOAP) article.

Nexus

The Passport Nexus is a server that provides information to other parties about how to use Passport.

It's default domain is nexus.passport.com.

pprdr.asp

The Passport Redirection service returns the PassportURLs header, which contains the DALogin parameter that is used to specify which server to attempt Passport 1.4 authentication with.

Client/Request

GET /rdr/pprdr.asp HTTP/1.1
Host: nexus.passport.com

Server/Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Content-Length: 0
PassportURLs: DARealm=Passport.Net,DALogin=login.passport.com/login2.srf,ConfigVersion=15

Where PassportURLs (case-sensitive) contains the following parameters:

  • DARealm: The Domain Authority's realm name.
  • DALogin: The Domain Authority's login endpoint.
  • ConfigVersion: Increases by 1 every time that PassportURLs is updated to flush the URL cache.

Passport Login

The Passport Login server is a HTTPS server that provides the login service (default is login2.srf) specified in DALogin from the Nexus response.

login2.srf

The login2.srf endpoint is used for programmatic authentication.

Client/Request

GET /login2.srf HTTP/1.1
Authorization: Passport1.4 Passport1.4 OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in={user-handle},pwd={password},{server-args}
User-Agent: MSMSGS
Host: login.passport.com
Connection: Keep-Alive
Cache-Control: no-cache

Where user-handle is the URL-encoded user handle of the user to authenticate.

Where password is the URL-encoded password of the user to authenticate.

Where server-args is the parameter given to the server's response to the initial USR.

Server/Response

Authentication Redirection

If the server you are authenticating to does not support your account type, but knows a server that does, this is used, otherwise Authentication Successful is.

If you are redirected, you have to send the Authorization header again to the new server specified in Location.

HTTP/1.1 302 Found
Cache-Control: no-cache
cachecontrol: no-store
Connection: close
Authentication-Info: Passport1.4 da-status=redir
Location: https://loginnet.passport.com/login2.srf?lc=1033

Authentication Successful

HTTP/1.1 200 OK
Cache-Control: no-cache
cachecontrol: no-store
Connection: close
Content-Type: text/html
Authentication-Info: Passport1.4 dastatus=success,from-PP='t=token&p=profile',ru=http://messenger.msn.com
Content-Length: 0

Authentication Failure

The dastatus may instead be failed-noretry.

HTTP/1.1 Unauthorized
Cache-Control: no-cache
cachecontrol: no-store
WWW-Authenticate: Passport1.4 dastatus=failed,srealm=Passport.NET,ts=-1,prompt,cburl=http://www.passportimages.com/XPPassportLogo.gif
Content-Length: 154

<HTML><HEAD><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=https://login.passport.com/pp25/login2.srf?f=11"><script>function OnBack(){}</script></HEAD></HTML>