Added new section to Protocols (half done with it though): Changes to error codes, to ask "When did that error code get implemented and when did it get removed" Probably could be made better, eh. 5 Commands Remain. New change record, too.
3.2 KiB
Introduction
Passport 1.4, or "Tweener", as it's sometimes called, is an HTTP-based authentication system that was introduced with MSNP8.
For MSNP12 and above, read Passport 3.0.
Nexus
The Passport Nexus is a server that provides information to other parties about how to use Passport.
It's default domain is nexus.passport.com
.
pprdr.asp
The Passport Redirection service returns the PassportURLs
header, which contains the DALogin
parameter
that is used to specify which server to attempt Passport 1.4 authentication with.
Client/Request
GET /rdr/pprdr.asp HTTP/1.1
Host: nexus.passport.com
Server/Response
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Content-Length: 0
PassportURLs: DARealm=Passport.Net,DALogin=login.passport.com/login2.srf,ConfigVersion=15
Where PassportURLs
(case-sensitive) contains the following parameters:
DARealm
: The Domain Authority's realm name.DALogin
: The Domain Authority's login endpoint.ConfigVersion
: Increases by 1 every time that PassportURLs is updated to flush the URL cache.
Passport Login
The Passport Login server is a HTTPS server that provides the login service (default is login2.srf
)
specified in DALogin
from the Nexus response.
login2.srf
The login2.srf
endpoint is used for programmatic authentication.
Client/Request
GET /login2.srf HTTP/1.1
Authorization: Passport1.4 Passport1.4 OrgVerb=GET,OrgURL=http%3A%2F%2Fmessenger%2Emsn%2Ecom,sign-in={user-handle},pwd={password},{server-args}
User-Agent: MSMSGS
Host: login.passport.com
Connection: Keep-Alive
Cache-Control: no-cache
Where user-handle
is the URL-encoded user handle of the user to authenticate.
Where password
is the URL-encoded password of the user to authenticate.
Where server-args
is the parameter given to the server's response to the Initial USR.
Server/Response
Authentication Redirection
If the server you are authenticating to does not support your account type, but knows a server that does, this is used, otherwise Authentication Successful is.
If you are redirected, you have to send the Authorization
header again to the new server specified in Location
.
HTTP/1.1 302 Found
Cache-Control: no-cache
cachecontrol: no-store
Connection: close
Authentication-Info: Passport1.4 da-status=redir
Location: https://loginnet.passport.com/login2.srf?lc=1033
Authentication Successful
HTTP/1.1 200 OK
Cache-Control: no-cache
cachecontrol: no-store
Connection: close
Content-Type: text/html
Authentication-Info: Passport1.4 dastatus=success,from-PP='t=token&p=profile',ru=http://messenger.msn.com
Content-Length: 0
Authentication Failure
The dastatus
may instead be failed-noretry
.
HTTP/1.1 Unauthorized
Cache-Control: no-cache
cachecontrol: no-store
WWW-Authenticate Passport1.4 dastatus=failed,srealm=Passport.NET,ts=-1,prompt,cburl=http://www.passportimages.com/XPPassportLogo.gif
Content-Length: 154
<HTML><HEAD><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=https://login.passport.com/pp25/login2.srf?f=11"><script>function OnBack(){}</script></HEAD></HTML>