Protocols/OSCAR/Sign On: Difference between revisions

From NINA Wiki
This page provides an overview of all of the available methods, primarily from the perspective of the sequence of events and linking to pages with further information.


== Authorization ==
== Stage 1: Initial Authorization ==


Over the years, the NINA/ICQ/AIM backend has supported several different methods for authentication. Until the NINA project began taking over the responsibility for the OSCAR protocol, the only publicly supported login method was clientLogin. We actually support ''all'' authentication methods, even legacy ones, in order to support the full range of clients.
Over the years, the NINA/ICQ/AIM backend has supported several different methods for authentication. Until the NINA project began taking over the responsibility for the OSCAR protocol, the only publicly supported login method was clientLogin.  


=== FLAP ===
We actually support ''all'' authentication methods, even legacy ones, in order to support the full range of clients. Due to their complexity and level of detail, each method has been separated into its own sub-article.


This refers to the FLAP__FRAME_SIGNON authentication method for a user to authenticate to the network. This works similarly to, but is not the same as, the FLAP__FRAME_SIGNON sequences used to connect to BOS and other services.
;[[Protocols/OSCAR/Sign_On/FLAP|FLAP]]
: This is the oldest method of sign on, used prior to AIM 3.5. It is not to be confused with the FLAP-level sign on for BOSS and other services.
;[[Protocols/OSCAR/Sign_On/BUCP|BUCP]]
: This method is used from AIM 3.5 to AIM 5.9, for ICQ, and can be wrapped in TLS.
;[[Protocols/OSCAR/Sign_On/UAS|UAS]]
: Kerberos-based authentication is used in AIM 6+.
;[[Protocols/OSCAR/Sign_On/clientLogin|clientLogin]]
: This web-based login can be used by both OSCAR clients and [[Protocols/WebAPI|WebAPI]] clients.
 
== Stage 2: Connecting to BOSS ==
 
Connect to the host and port (optionally over TLS) provided in the previous step, regardless of the method by which it was obtained.
 
=== Step #1 - Send FLAP SIGNON Frame ===
 
Once connected, the client should send a [[Protocols/OSCAR/FLAP#FLAP_FRAME_SIGNON|FLAP__FRAME_SIGNON]] with the login cookie and any version information it would like to provide.
 
{| class="wikitable"
! Size
! Field
! Value
|-
| u08
| flapHeader.startMarker
| '*'
|-
| u08
| flapHeader.frameType
| 0x01 ([[Protocols/OSCAR/FLAP#Class:_FLAP_FRAME|FLAP__FRAME_SIGNON]])
|-
| u16
| flapHeader.sequenceNumber
| XX
|-
| u16
| flapHeader.payloadLength
| YY
|-
| u32
| version
| 0x01
|-
| u16
| tlvs[0].tag
| 0x06 ([[Protocols/OSCAR/Sign_On#TLV_Class:_FLAP_SIGNON_TAGS|FLAP__SIGNON_TAGS_LOGIN_COOKIE]])
|-
| u16
| tlvs[0].len
| 0x100
|-
| blob
| tlvs[0].value
| base64 decoded $cookie value from Step #2
|-
| u16
| tlvs[1].tag
| 0x4A ([[Protocols/OSCAR/Sign_On#Class:_OSERVICE_MULTICONN_FLAGS|OSERVICE__MULTICONN_FLAGS]])
|-
| u16
| tlvs[1].len
| 0x01
|-
| u08
| tlvs[1].value
| 0x01
|}
 
# It should then listen for a [[Protocols/OSCAR/FLAP#FLAP_FRAME_SIGNON|FLAP__FRAME_SIGNON]] from BOSS before continuing.
# Once it has received the [[Protocols/OSCAR/FLAP#FLAP_FRAME_SIGNON|FLAP__FRAME_SIGNON]], the client can start sending SNAC messages to the server.
 
 
==== From Aleksandr Shutko: CLI_COOKIE: server BOS login request ====
 
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#4040FF >
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr>
<td><b><font color="white">CLI_COOKIE&nbsp;</font></b></td>
<td width=70% align=right><b><font color="white">&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
 
<table width=640 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td>
<br>
The client uses this to log in to the BOS server. This packet contains the cookie received during
authorization. The client should send it on FLAP channel 0x01. See also
[[Protocols/OSCAR/Sign_On|login sequence]] info.
<br><br>
 
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#E9E9E9 >
 
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20></td>
<td width=130>&nbsp;00 00 00 01</td>
<td>dword</td>
<td width=58%>protocol version number</td>
</tr>
</table>
 
</td></tr>
<tr><td bgcolor=#E9E9E9>
 
 
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
 
<table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 align=center border=0><tr><td  bgcolor=#f9f9f9 >
 
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;00 06</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Type(0x06) - authorization cookie</td>
</tr>
<tr>
<td>&nbsp;xx xx</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Length</td>
</tr>
</table>
 
</td></tr>
<tr><td  bgcolor=#f9f9f9 >
 
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;xx ..</td>
<td width=5>&nbsp;</td>
<td>array</td>
<td width=5>&nbsp;</td>
<td width=60%>authorization cookie</td>
</tr></table>
 
</td></tr></table>
</td></tr></table>
 
</td><td width=5> </td>
</tr><tr><td height=5 colspan=3> </td></tr>
</table>
 
<!-- TLV 0x?? -->
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
 
  <table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
  <table width=100% cellSpacing=2 cellPadding=0 align=center border=0>
  <tr><td bgcolor=#f9f9f9 >
 
  <table width=610 cellSpacing=0 cellPadding=0 align=center border=0 >
    <tr><td>may contain other tlv from the [[Protocols/OSCAR/TLV#Common_TLVs|following    list]] (+).</td></tr>
  </table>
 
  </td></tr>
  </table>
</td></tr></table>
 
</td><td width=5> </td>
</tr>
<tr><td height=5 colspan=3> </td></tr>
</table>
 
</td></tr></table>
</td></tr></table>
</td></tr></table>
 
<br>Example SNAC dump with flap header:
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr>
<td bgcolor=#E9E9E9>
<font size=3><pre style="font-size: 13px">
 
  2A 01 10 1F 01 08 00 00 00 01 00 06 01 00 37 37 *.............77
  37 37 37 37 3F 29 44 42 7B 43 31 34 65 32 44 61 7777?)DB.C14e2Da
  31 44 42 66 65 34 42 30 32 30 30 44 61 44 44 39 1DBfe4B0200DaDD9
  42 35 63 32 35 42 63 33 30 64 44 61 32 66 33 66 B5c25Bc30dDa2f3f
  38 63 36 32 65 35 63 7C 65 38 40 41 41 41 41 41 8c62e5c.e8@AAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41      AAAAAAAAAAAAAA
 
</pre></font>
</td></tr></table>
</td></tr></table>
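A strict builder and parser for the FLAP__FRAME_SIGNON layout tabulated in Stage 2, as an added example (it is not code from this wiki or from Shutko's notes). The names `build_signon`, `parse_signon` and `FlapError`, the sample cookie bytes, and the policy of rejecting duplicate TLV tags are assumptions of this example.

```python
import struct

FLAP_START_MARKER = 0x2A      # '*'
FLAP_FRAME_SIGNON = 0x01
TAG_LOGIN_COOKIE = 0x0006     # FLAP__SIGNON_TAGS_LOGIN_COOKIE
TAG_MULTICONN_FLAGS = 0x004A  # OSERVICE__MULTICONN_FLAGS
HEADER = struct.Struct(">BBHH")  # startMarker, frameType, sequenceNumber, payloadLength
TLV_HEADER = struct.Struct(">HH")  # tag, len


class FlapError(ValueError):
    """Raised for any frame that does not match the documented layout."""


def build_signon(seq, cookie, multiconn=0x01):
    """Client -> BOSS: version dword, cookie TLV, optional multiconn TLV."""
    needed = 4 + 4 + len(cookie) + (5 if multiconn is not None else 0)
    if needed > 0xFFFF:
        raise FlapError("payload does not fit the u16 payloadLength field")
    payload = struct.pack(">I", 1)
    payload += TLV_HEADER.pack(TAG_LOGIN_COOKIE, len(cookie)) + cookie
    if multiconn is not None:
        payload += TLV_HEADER.pack(TAG_MULTICONN_FLAGS, 1) + bytes([multiconn])
    header = HEADER.pack(FLAP_START_MARKER, FLAP_FRAME_SIGNON, seq & 0xFFFF, len(payload))
    return header + payload


def parse_signon(frame):
    """Parse one complete signon frame, checking every length before slicing."""
    if len(frame) < HEADER.size:
        raise FlapError("short FLAP header")
    marker, frame_type, seq, payload_len = HEADER.unpack_from(frame, 0)
    if marker != FLAP_START_MARKER:
        raise FlapError("bad start marker")
    if frame_type != FLAP_FRAME_SIGNON:
        raise FlapError("not a FLAP__FRAME_SIGNON frame")
    end = HEADER.size + payload_len
    if len(frame) != end:
        raise FlapError("payloadLength does not match the bytes received")
    if payload_len < 4:
        raise FlapError("missing version dword")
    (version,) = struct.unpack_from(">I", frame, HEADER.size)
    if version != 1:
        raise FlapError("unexpected FLAP version")

    tlvs = {}
    off = HEADER.size + 4
    while off < end:
        if end - off < TLV_HEADER.size:
            raise FlapError("truncated TLV header")
        tag, length = TLV_HEADER.unpack_from(frame, off)
        off += TLV_HEADER.size
        if length > end - off:
            raise FlapError("TLV length overruns the FLAP payload")
        if tag in tlvs:
            # Assumption of this example: a repeated tag is treated as malformed.
            raise FlapError("duplicate TLV tag")
        tlvs[tag] = frame[off:off + length]
        off += length
    return {"seq": seq, "version": version, "tlvs": tlvs}


# Constructed sample cookie (0x100 bytes, the length shown in the table above).
SAMPLE_COOKIE = bytes(range(256))

if __name__ == "__main__":
    frame = build_signon(0x101F, SAMPLE_COOKIE)
    parsed = parse_signon(frame)
    print(len(frame), sorted(hex(t) for t in parsed["tlvs"]))
```

The same parser accepts the server's bare signon frame (header plus version dword, no TLVs), which is what the client waits for before sending SNACs.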
 
== Stage 3: Going Online ==
 
Once the connection has been established and the FLAP signon frames have been exchanged, the client can start sending SNACs to the server.
 
=== Step 1: Rights Requests ===
Usually the first thing the client sends are all the rights queries and a [[Protocols/OSCAR/SNAC/FEEDBAG__QUERY|FEEDBAG__QUERY]] SNAC. It can and should send all these requests in parallel for a quicker login experience.
 
# Client queries the BUDDY foodgroup for rights: [[Protocols/OSCAR/SNAC/BUDDY__RIGHTS_QUERY|BUDDY__RIGHTS_QUERY]]
# Query the PD foodgroup rights: [[Protocols/OSCAR/SNAC/PD_RIGHTS_QUERY|PD_RIGHTS_QUERY]]
# Query the LOCATE foodgroup rights: [[Protocols/OSCAR/SNAC/LOCATE_RIGHTS_QUERY|LOCATE_RIGHTS_QUERY]]
# Query the FEEDBAG foodgroup rights: [[Protocols/OSCAR/SNAC/FEEDBAG_RIGHTS_QUERY|FEEDBAG_RIGHTS_QUERY]]
# Query what the Buddy List and preferences are: [[Protocols/OSCAR/SNAC/FEEDBAG_QUERY|FEEDBAG_QUERY]]
 
=== Step 2: FEEDBAG Use and Client Online ===
 
Once all the rights replies and feedbag replies are received, it is time to tell the server that the client is ready to proceed.
 
# First tell the server that the feedbag looks OK and the client is ready to use it: [[Protocols/OSCAR/SNAC/FEEDBAG_USE|FEEDBAG_USE]]
# Next, tell the server that we are ready to appear online to everyone else, and send our version numbers: [[Protocols/OSCAR/SNAC/OSERVICE_CLIENT_ONLINE|OSERVICE_CLIENT_ONLINE]]
 
=== Step 3: Online ===
The client is now considered online, visible to other users, and will start to receive [[Protocols/OSCAR/SNAC/BUDDY__ARRIVED|BUDDY__ARRIVED]] for any online buddies.


Next steps:
* [[Protocols/OSCAR/Sign_On#Connecting_to_BOSS|Connecting to BOSS]]
* [[Protocols/OSCAR/Services/BART/Tutorials#Getting_a_User.27s_Buddy_Icon|Getting a User's Buddy Icon]]
* [[Protocols/OSCAR/Foodgroups/ICBM/Tutorials#Sending_Typing_Event|Sending]] and [[Protocols/OSCAR/Foodgroups/ICBM/Tutorials#Receiving_Typing_Event|Receiving]] typing events.
* [[Protocols/OSCAR/Foodgroups/ICBM/Tutorials#Sending_IM|Sending]] and [[Protocols/OSCAR/Foodgroups/ICBM/Tutorials#Receiving_IM|Receiving]] IMs.
* [[Protocols/OSCAR/Foodgroups/LOCATE/Tutorials#Getting_a_User.27s_Buddy_Info|Getting a User's Buddy Info]]


=== BUCP ===


Next steps:
==== From Aleksandr Shutko: Detailed OSCAR login sequence description ====
* [[Protocols/OSCAR/Sign_On#Connecting_to_BOSS|Connecting to BOSS]]
 
<table width=160 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#4040FF >
<table width=160 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td><b><font color="white" size=2>&nbsp;Login sequence&nbsp;</font></b></td>
<td width=5% align=right><b><font color="white">&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
 
<br>
 
<table width=160 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#E5E5E5 >
<table width=160 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 width=20 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 width=110 valign=top><font size=2>&nbsp;&nbsp;<b>Auth connect</b></font></td>
</tr>
 
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On/FLAP|cli_ident]]</b></font></td>
</tr>
 
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On/FLAP#FLAP_FRAME_SIGNOFF|srv_cookie]]</b></font></td>
</tr>
 
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>Auth disconnect</b></font></td>
</tr>
 
 
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>BOS connect</b></font></td>
</tr>


=== UAS ===
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On#Stage_2:_Connecting_to_BOSS|cli_cookie]]</b></font></td>
</tr>


Next steps:
<tr>
* [[Protocols/OSCAR/Sign_On#Connecting_to_BOSS|Connecting to BOSS]]
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_03|SNAC(01,03)]]</b></font></td>
</tr>


=== clientLogin ===
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_17|SNAC(01,17)]]</b></font></td>
</tr>


The clientLogin method allows the client to collect the user name and password and make a simple web service call to retrieve authentication credentials. These credentials are then used to sign requests in future web service calls, to help protect against man-in-the-middle and replay attacks.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_18|SNAC(01,18)]]</b></font></td>
</tr>


Authentication and requesting the BOSS connection normally requires two web service calls.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_06|SNAC(01,06)]]</b></font></td>
</tr>


# The [[Protocols/WebAPI/Auth/Client|clientLogin]] call checks the key, loginId, and password and performs any rate limit or captcha challenges
<tr>
# The [[Protocols/WebAPI/Reference/Methods/Session#startOSCARSession|startOSCARSession]] call requests a BOSS connection and returns where the client needs to connect to and a one-time-use cookie to present to the BOSS server for authentication. This call requires OAuth-style URL signing, which is described along with [[Protocols/WebAPI/Auth/Client|clientLogin]]. ''URL signing requires the computer's clock to be accurate (or the use of the hostTime returned by clientLogin), parameters must be in [http://oauth.net/core/1.0/#sig_norm_param alphabetical order], and [http://oauth.net/core/1.0/#encoding_parameters percent-encoding] must use upper-case characters.''
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_07|SNAC(01,07)]]</b></font></td>
</tr>


Here is an example of the sign on process:
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_08|SNAC(01,08)]]</b></font></td>
</tr>


==== Step #1 - Authentication Request ====
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_02|SNAC(13,02)]]</b></font></td>
</tr>


The client should collect the loginId and password for the user. It should not do any length or character validations. A POST web service call should be made to:
<tr>
<pre>https://api.screenname.nina.bz/auth/clientLogin?f=&#91;FORMAT&#93;</pre>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
...with a POST body of...
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_05|SNAC(13,05)]]</b></font></td>
<pre>k=&#91;KEY&#93;&s=&#91;LOGINID&#93;&pwd=&#91;PASSWORD&#93;&clientVersion=&#91;CLIENTVERSION&#93;&clientName=&#91;clientName&#93;</pre>
</tr>
...and a content type of '''application/x-www-form-urlencoded''' with the following values for the query string:


; &#91;FORMAT&#93;
<tr>
: Format to return the response in; XML, AMF3, PHP, JSON are all supported
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
; &#91;KEY&#93;
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_02|SNAC(02,02)]]</b></font></td>
: Client key obtained from [https://dev.nina.bz/webapi/keys/manage/ here]
</tr>
; &#91;LOGINID&#93;
: URI encoded loginId entered by the user
; &#91;PASSWORD&#93;
: URI encoded password entered by the user
; &#91;clientVersion&#93;
: A single number representing the client version number for metrics and tracking, usually the build number
; &#91;clientName&#93;
: URI encoded friendly name representing the client being used


==== Step #2 - Authentication Reply ====
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_03_02|SNAC(03,02)]]</b></font></td>
</tr>


There can be several intermediate replies before a successful authentication is completed. These include incorrect passwords, need for extra credentials, or the need for the user to complete a CAPTCHA challenge. To test if a client supports CAPTCHA challenges correctly it can add an extra parameter of '''forceRateLimit=true'''. ''It is recommended that all clients test CAPTCHA support.''
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_04|SNAC(04,04)]]</b></font></td>
</tr>


When successfully authenticated, the token->a and sessionSecret need to be extracted from the results. The sessionSecret is used to generate a sessionKey that will be used on future calls. For example, the startOSCARSession service, the start page, and the expressions page all require the sessionKey.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_09_02|SNAC(09,02)]]</b></font></td>
</tr>


The sessionKey is calculated using:
<tr>
<pre>sessionKey = hmac_sha256_base64($sessionSecret, $password);</pre>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_03|SNAC(02,03)]]</b></font></td>
</tr>


For example, if the sessionSecret was "AB123FO" and the user's password was "weakpassword", then the sessionKey would be "ZyCaA1QlF8oBzh0QXeXNCf+7qUItBaiXwk3xOVcFZhY=". Historically, some hmac_sha256_base64 implementations do not return valid base64 data. All these APIs require valid base64 data, so check the implementation being used.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_03_03|SNAC(03,03)]]</b></font></td>
</tr>


==== Step #3 - Start OSCAR Session Request ====
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_05|SNAC(04,05)]]</b></font></td>
</tr>


Once successfully authenticated, the client needs to connect to the BOSS server to start the AIM session. This is done by requesting a BOSS reservation and then connecting to the BOSS server. Requesting the BOSS reservation is done with a [[Protocols/WebAPI/Reference/Methods/Session#startOSCARSession|startOSCARSession]] WIM call.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_09_03|SNAC(09,03)]]</b></font></td>
</tr>


This call requires OAuth-style URL signing, which is described along with [[Protocols/WebAPI/Auth/Client|clientLogin]]. ''URL signing requires the computer's clock to be accurate (or the use of the hostTime returned by clientLogin), parameters must be in [http://oauth.net/core/1.0/#sig_norm_param alphabetical order], and [http://oauth.net/core/1.0/#encoding_parameters percent-encoding] must use upper-case characters.''
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_03|SNAC(13,03)]]</b></font></td>
</tr>


; &#91;FORMAT&#93;
<tr>
: Format to return the response in: XML, AMF3, PHP, JSON are all supported
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
; &#91;KEY&#93;
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_0F|SNAC(13,0F)]]</b></font></td>
: Client key obtained from [https://dev.nina.bz/webapi/keys/manage/ here]
</tr>
; &#91;TOKEN&#93;
: The URI encoded token extracted from clientLogin
; &#91;clientVersion&#93;
: A single number representing the client version number for metrics and tracking
; &#91;clientName&#93;
: A URI encoded friendly name representing the client being used
; &#91;TIME&#93;
: The current time, in seconds, since UNIX EPOCH
; &#91;USETLS&#93;
: Should the connection to BOSS use TLS


<pre>
<tr>
$uri = "http://api.oscar.aol.com/aim/startOSCARSession";
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
$queryString = "a=[TOKEN]&clientName=[CLIENTNAME]&clientVersion=[CLIENTVERSION]&f=[FORMAT]&k=[KEY]&ts=[TIME]&useTLS=[USETLS]";
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_07|SNAC(13,07)]]</b></font></td>
$hashData= "GET&" . uri_encode($uri) . "&" . uri_encode($queryString);
</tr>
$digest = hmac_sha256_base64($hashData, $sessionKey);
$url = $uri . "?" . $queryString . "&sig_sha256=$digest";
</pre>


==== Step #4 - Start OSCAR Session Reply ====
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_04|SNAC(02,04)]]</b></font></td>
</tr>


On a successful startOSCARSession, the backend will return where the BOSS server is running, the cookie to present to the BOSS server, and the certname that should be validated when connecting to BOSS if TLS was selected. At this point the client should connect to BOSS using FLAP or FLAP over TLS and start sending SNACs back and forth.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_02|SNAC(04,02)]]</b></font></td>
</tr>


Next steps:
<tr>
* [[Protocols/OSCAR/Sign_On#Connecting_to_BOSS|Connecting to BOSS]]
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
* [[Protocols/OSCAR/Sign_On/Single_Sign_On_to_Web_Pages|Single Signon to Web Pages]] Tutorial
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_1E|SNAC(01,1E)]]</b></font></td>
</tr>


<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_02|SNAC(01,02)]]</b></font></td>
</tr>


</table>


</td></tr></table>
</td></tr></table>
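The sessionKey derivation and startOSCARSession URL signing from clientLogin Steps #2 and #3, written out as an added example (not code from this wiki). It keeps the page's `(data, key)` argument order for `hmac_sha256_base64`; the sample token, client key, client name and timestamp are constructed values, and `signing_ts`, `is_valid_b64_digest` and percent-encoding the final signature are assumptions of this example.

```python
import base64
import binascii
import hashlib
import hmac
from urllib.parse import quote

START_URI = "http://api.oscar.aol.com/aim/startOSCARSession"  # URI used in the page's pseudocode
PAGE_EXAMPLE_KEY = "ZyCaA1QlF8oBzh0QXeXNCf+7qUItBaiXwk3xOVcFZhY="  # value the page quotes


def hmac_sha256_base64(data, key):
    """HMAC-SHA256 of data under key, as padded standard base64."""
    mac = hmac.new(key.encode("utf-8"), data.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def uri_encode(value):
    """Percent-encode everything except RFC 3986 unreserved characters.
    urllib's quote() emits upper-case hex digits, as the signing rules require."""
    return quote(value, safe="-._~")


def session_key(session_secret, password):
    """sessionKey = hmac_sha256_base64($sessionSecret, $password)."""
    return hmac_sha256_base64(session_secret, password)


def is_valid_b64_digest(text):
    """True only for correctly padded base64 that decodes to a 32-byte digest.
    Catches HMAC helpers that drop the trailing '=' padding."""
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) == 32


def signing_ts(local_now, host_time, local_at_login):
    """ts value when the local clock is unreliable: apply the offset between
    hostTime from clientLogin and the local time at which it was received."""
    return int(local_now + (host_time - local_at_login))


def sign_start_oscar_session(params, key, uri=START_URI, method="GET"):
    """Return (signed_url, signature_base_string) for the given parameters."""
    # Encode names and values first, then sort, so the order is stable
    # no matter how the caller built the dict.
    pairs = sorted((uri_encode(k), uri_encode(str(v))) for k, v in params.items())
    query = "&".join(f"{k}={v}" for k, v in pairs)
    base = f"{method}&{uri_encode(uri)}&{uri_encode(query)}"
    digest = hmac_sha256_base64(base, key)
    # The page's pseudocode appends the digest as-is; it is percent-encoded
    # here because base64 output can contain '+', '/' and '='.
    return f"{uri}?{query}&sig_sha256={uri_encode(digest)}", base


if __name__ == "__main__":
    key = session_key("AB123FO", "weakpassword")  # inputs from the page's example
    params = {  # constructed sample values, deliberately out of order
        "useTLS": 1,
        "k": "EXAMPLE-CLIENT-KEY",
        "a": "tok/en+1=",
        "f": "json",
        "ts": signing_ts(1000, 5000, 900),
        "clientVersion": 1,
        "clientName": "Test Client",
    }
    url, base = sign_start_oscar_session(params, key)
    print(key, is_valid_b64_digest(key))
    print(base)
    print(url)
```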




<pre>
==== From Aleksandr Shutko: Detailed OSCAR login sequence description ====


-------------------------------------------------------------------------------------------
<table width=160 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#4040FF >
<table width=160 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td><b><font color="white" size=2>&nbsp;Login sequence&nbsp;</font></b></td>
<td width=5% align=right><b><font color="white">&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
<br>
<table width=160 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#E5E5E5 >


Connection overview
<table width=160 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 width=20 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 width=110 valign=top><font size=2>&nbsp;&nbsp;<b>Auth connect</b></font></td>
</tr>


3.0 Connection Management
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_06|SNAC(17,06)]]</b></font></td>
</tr>


Every protocol begins with a single step...
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_07|SNAC(17,07)]]</b></font></td>
</tr>


3.1 The Life and Times of OSCAR, the Real-Time Messenger (Overview)
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_02|SNAC(17,02)]]</b></font></td>
</tr>


Before connections are made to any of the BOS or special-purpose servers, you must first be authorized by the Authorization Server (login.oscar.aol.com). This will return a cookie that automatically authorizes you to connect to any of the BOS or special-purpose (eg, Advertisement, Chat, etc) servers. This streamlines the login process quite a bit.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_03|SNAC(17,03)]]</b></font></td>
</tr>


The normal steps taken to create an average AIM session are as follows:
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>Auth disconnect</b></font></td>
</tr>


1. Connect to Authorizer and retrieve Cookie.
2. Connect to the Authorizer-recommended BOS server and initiate BOS service
3. (Optional) Connect to Advertisements server and retrieve first block of ads (repeat at regular interval)
4. (Optional) Connect to any other non-BOS services that may be available (AFAIK, none at this point)


The last three steps may actually be done in any order (and for the third and fourth step, probably not at all). But, authorization must always come first.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>BOS connect</b></font></td>
</tr>


3.2 OSCAR Authorization
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On#Stage_2:_Connecting_to_BOSS|cli_cookie]]</b></font></td>
</tr>


OSCAR has a sense of the "single-login" concept. You login once and get a "cookie" that automatically authorizes you to use any of the OSCAR-associated services, just by sending them your cookie.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_03|SNAC(01,03)]]</b></font></td>
</tr>


The first step of the process is connecting to the Authorizer. This currently resides at the DNS address login.oscar.aol.com. It also appears that you may connect to any port and get the same response. (The AIM clients use 5190, James uses 443, I've used 21 (telnet) before as well.)
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_17|SNAC(01,17)]]</b></font></td>
</tr>


After the connection, the client must send the "Authorization Request" command. The server also sends a 4b+FLAP command to the client after each new connection, called the "Connection Acknowledge" command. This may be accepted and processed before or after the initial command from the client (for use in dispatch routines, this can be used as a sign that the initial login should be sent). The response to this ("Authorization Response") contains the cookie to be used for the BOS and other connections. But, if the Authorization Request fails, you'll get back any one of the several "Authorization Errors". After you've gotten your cookie, it's safe to disconnect yourself from the Authorizer.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_18|SNAC(01,18)]]</b></font></td>
</tr>


3.3 BOS Signon
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_06|SNAC(01,06)]]</b></font></td>
</tr>


The next step is usually to connect to and initiate service with the BOS. The address of the BOS you should connect to is listed in the Authorization Response. The first step for this connection is to send the BOS-Signon command to the server. But, for the purposes of dispatching, it may be best to wait to send this command until the Connection Acknowledge command is received from the server immediately after the connection opens, although this is optional and can be processed afterwards.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_07|SNAC(01,07)]]</b></font></td>
</tr>


Normal BOS signon looks something like this...
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_08|SNAC(01,08)]]</b></font></td>
</tr>


1. Server sends Connection Acknowledge
<tr>
2. Client sends BOS SignOn command.
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
3. Server sends BOS Host-Ready.
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_02|SNAC(13,02)]]</b></font></td>
4. Client sends Rate Information Request.
</tr>
5. Server sends Rate Information Response.
6. Client sends Rate Information Acknowledge.
7. Client requests (in no particular order):
+ Set Privacy Flags
+ Request Our User Information
+ Request New Service
+ Optional: Request BOS Rights
+ Optional: Request Buddy List Rights
+ Optional: Request Locate Rights
+ Optional: Request ICBM Parameter Information
8. Server sends all the information requested (again, in no particular order):
+ Our User Information Response
+ BOS Rights Response
+ Buddy List Rights Response
+ Locate Rights Response
+ ICBM Parameter Information Response
+ New Service Redirect
9. (Apparently Optional) Client sends a SNAC of family 0x0009, subtype 0x0004, data {0x0000, 0x001f}.
10. (Apparently Optional) Client sends a SNAC of family 0x0009, subtype 0x0007, no data.
11. Client sends up buddy list using the Add Buddy to Buddy List command.
12. Client sends up user's profile using the Set User Information command.
13. Client sends the Set Initial ICBM Parameter command.
14. Client sends the Client Ready command.


At that point, you can either quit and begin processing live events, or you may use the information provided in the New Service Redirect command to connect to the Advertisements or other server.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_05|SNAC(13,05)]]</b></font></td>
</tr>


3.4 Logout
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_02|SNAC(02,02)]]</b></font></td>
</tr>


Logging off of AIM is about the simplest thing you can do. The abrupt way to do it is just closing the connection to the main message server. That will normally do it. Sometimes, though, the AIM client sends a small command to the server before it closes, but expects no response. I've found the best way is just to close it and forget about it.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_03_02|SNAC(03,02)]]</b></font></td>
</tr>


This "logout command" is just a FLAP without a Data Field, and the Data Field Length set to 0x0000.
<tr>
</pre>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_04|SNAC(04,04)]]</b></font></td>
</tr>


<pre>
<tr>
[Source: Server] Connection Acknowledge
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
This is sent by the server after a new connection has been opened and is ready for duplex operation.
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_09_02|SNAC(09,02)]]</b></font></td>
</tr>


Container Data TLV Type
<tr>
RAW FLAP Header (channel 0x01)
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
DWORD FLAP version (0x00000001)
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_03|SNAC(02,03)]]</b></font></td>
</pre>
</tr>


<pre>
<tr>
[Source: Client] Authorization Request - notes from another
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_03_03|SNAC(03,03)]]</b></font></td>
</tr>


Send as the first command to the Authorizer, and is used for requesting authorization and the associated cookie.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_05|SNAC(04,05)]]</b></font></td>
</tr>


Container Data TLV Type
<tr>
RAW FLAP Header (channel 0x01)
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
RAW 0x0000
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_09_03|SNAC(09,03)]]</b></font></td>
RAW 0x0001
</tr>
TLV1 Screen Name 0x0001
TLV2 "Encrypted" Password 0x0002
TLV3 ClientProfile 0x0003
TLV4 Unknown: 0x0001 0x0016
TLV5 Client Version Major 0x0017
TLV6 Client Version Minor 0x0018
TLV7 Client Version Build 0x001a
TLV8 Country Code 0x000e
TLV9 Language Code 0x000f
TLV10 Unknown: 0x0015 0x0009
</pre>


<pre>
<tr>
[Source: Server] Authorization Successful Response - notes from another
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_03|SNAC(13,03)]]</b></font></td>
</tr>


This is sent in response to successful completion of the Authorization Requeset command. This contains the cookie used to connect to the rest of the BOS and AIM-related services.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&lt;&lt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_0F|SNAC(13,0F)]]</b></font></td>
</tr>


Container Data TLV Type
<tr>
RAW FLAP Header (channel 0x04)
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
TLV Screen Name 0x0001
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_07|SNAC(13,07)]]</b></font></td>
TLV BOS Server IP 0x0005
</tr>
TLV Authorization Cookie 0x0006
TLV EMail Address 0x0011
TLV Registration Status 0x0013
</pre>


<pre>
<tr>
[Source: Server] Auth error notes from another
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_04|SNAC(02,04)]]</b></font></td>
</tr>


This/these are sent back instead of the Authorization Response command in the case of authorization failure.
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_02|SNAC(04,02)]]</b></font></td>
</tr>


Container Data TLV Type
<tr>
RAW FLAP Header (channel 0x04)
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
TLV Screen Name 0x0001
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_1E|SNAC(01,1E)]]</b></font></td>
TLV Error Message URL 0x0004
</tr>
TLV Error Code 0x0008


Currently Known Error Codes for TLV Type 0x0008:
<tr>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>&gt;&gt;</b></font></td>
<td bgcolor=#f9f9f9 valign=top><font size=2>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_02|SNAC(01,02)]]</b></font></td>
</tr>


Error Code 0x0001
</table>
http://www.aim.aol.com/errors/UNREGISTERED_SCREENNAME.html
Invalid Screen Name


Error Code 0x0005
</td></tr></table>
http://www.aim.aol.com/errors/MISMATCH_PASSWD.html
</td></tr></table>
SN/Pasword Mismatch (Invalid Password)
</pre>


<pre>
BOS Signon Request [Source: Client]


Send as the first command to the BOS connection. The Cookie comes from the Authorization Response.


Container Data TLV Type
[[Category:With_Contrib]]
RAW FLAP Header (channel 0x01)
RAW 0x0000
RAW 0x0001
TLV Authorization Cookie 0x0006
</pre>


== FLAP Login Sign On Errors (Temp) ==
| SN/Password Mismatch (Invalid Password)
|}
=== From Aleksandr Shutko: AUTH_FAILED: server authorization failed response ===
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#4040FF >
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr>
<td><b><font color="white">AUTH_FAILED&nbsp;</font></b></td>
<td width=70% align=right><b><font color="white">&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
<table width=640 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td>
<br>
This is the server error reply for the [[Protocols/OSCAR/Sign_On/FLAP|cli_ident]]
packet. It contains an authorization error code (see list below). It always comes from
FLAP channel 0x04. See also the channel 0x01 authorization
[[Protocols/OSCAR/Sign_On|sequence]] info. Here is the list of known authorization error
codes:<br><br>
<table width=100% bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#E5E5E5>
<table width=100% cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0001</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Invalid nick or password</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0002</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Service temporarily unavailable</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0003</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;All other errors</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0004</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Incorrect nick or password, re-enter</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0005</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Mismatch nick or password, re-enter</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0006</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Internal client error (bad input to authorizer)</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0007</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Invalid account</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0008</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Deleted account</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0009</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Expired account</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x000A</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;No access to database</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x000B</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;No access to resolver</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x000C</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Invalid database fields</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x000D</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Bad database status</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x000E</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Bad resolver status</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x000F</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Internal error</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0010</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Service temporarily offline</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0011</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Suspended account</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0012</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;DB send error</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0013</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;DB link error</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0014</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Reservation map error</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0015</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Reservation link error</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0016</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;The users num connected from this IP has reached the maximum</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0017</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;The users num connected from this IP has reached the maximum (reservation)</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0018</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Rate limit exceeded (reservation). Please try to reconnect in a few minutes</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0019</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;User too heavily warned</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x001A</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;Reservation timeout</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x001B</b></td>
<td bgcolor=#f9f9f9 valign=top >&nbsp;&nbsp;You are using an older version of ICQ. Upgrade required</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x001C</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;You are using an older version of ICQ. Upgrade recommended</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x001D</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Rate limit exceeded. Please try to reconnect in a few minutes</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x001E</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Can't register on the ICQ network. Reconnect in a few minutes</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0020</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Invalid SecurID</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 width=70 valign=top>&nbsp;&nbsp;<b>0x0022</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Account suspended because of your age (age &lt; 13)</td>
</tr>
</table>
</td></tr></table>
</td></tr></table>
<br>
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#E9E9E9 >
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
<table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 align=center border=0><tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;00 01</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Type(0x01) - screen name (uin)</td>
</tr>
<tr>
<td>&nbsp;xx xx</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Length</td>
</tr>
</table>
</td></tr>
<tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;xx ..</td>
<td width=5>&nbsp;</td>
<td>string</td>
<td width=5>&nbsp;</td>
<td width=60%>Screen name (uin)</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td><td width=5> </td>
</tr>
<tr><td height=5 colspan=3> </td></tr>
</table>
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
<table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 align=center border=0><tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;00 04</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Type(0x04) - error page description url</td>
</tr>
<tr>
<td>&nbsp;xx xx</td>
<td>&nbsp;</td>
<td>word</td>
<td>&nbsp;</td>
<td width=60%>TLV.Length</td>
</tr>
</table>
</td></tr>
<tr><td bgcolor=#f9f9f9>
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;xx ..</td>
<td width=5>&nbsp;</td>
<td>string (ascii)</td>
<td width=5>&nbsp;</td>
<td width=60%>error description page url string</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td><td width=5> </td>
</tr>
<tr><td height=5 colspan=3> </td></tr>
</table>
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
<table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 align=center border=0><tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;00 08</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Type(0x08) - authorization error</td>
</tr>
<tr>
<td>&nbsp;00 02</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Length</td>
</tr>
</table>
</td></tr>
<tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;xx xx</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>Authorization error code (see above)</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td><td width=5> </td>
</tr>
<tr><td height=5 colspan=3> </td></tr>
</table>
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
<table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 align=center border=0><tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;00 0C</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Type(0x0C) - unknown</td>
</tr>
<tr>
<td>&nbsp;00 02</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>TLV.Length</td>
</tr>
</table>
</td></tr>
<tr><td  bgcolor=#f9f9f9 >
<table width=610 cellSpacing=0 cellPadding=0 align=center border=0>
<tr>
<td width=20%>&nbsp;xx xx</td>
<td width=5>&nbsp;</td>
<td>word</td>
<td width=5>&nbsp;</td>
<td width=60%>unknown field</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td><td width=5> </td>
</tr>
<tr><td height=5 colspan=3> </td></tr>
</table>
<!-- TLV 0x?? -->
<table width=640 cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td height=8 colspan=3></td></tr>
<tr><td width=20> </td>
<td>
  <table width=610 bgcolor=darkgreen cellSpacing=0 cellPadding=0 border=0><tr><td>
  <table width=100% cellSpacing=2 cellPadding=0 align=center border=0>
  <tr><td bgcolor=#f9f9f9 >
  <table width=610 cellSpacing=0 cellPadding=0 align=center border=0 >
    <tr><td>&nbsp;May contain other TLVs from the [[Protocols/OSCAR/TLV#Common_TLVs|following list]]</td></tr>
  </table>
  </td></tr>
  </table>
</td></tr></table>
</td><td width=5> </td>
</tr>
<tr><td height=5 colspan=3> </td></tr>
</table>
</td></tr></table>
</td></tr></table>
</td></tr></table>
<br>Example SNAC dump with flap header:
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr>
<td bgcolor=#E9E9E9>
<font size=3><pre style="font-size: 13px">
  2A 04 C3 2C 00 16 00 01 00 06 37 37 37 37 37 37 *..,......777777
  00 08 00 02 00 05 00 0C 00 02 00 01            ............
</pre></font>
</td></tr></table>
</td></tr></table>
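
The AUTH_FAILED layout above, decoded from the example dump: an added Python example, not part of the original page or of Aleksandr Shutko's notes. Function and class names are hypothetical, the six-byte FLAP header split (marker, channel, sequence, length) follows the dump, and every length field is bounds-checked because it arrives from the peer.

```python
import struct

FLAP_MARKER = 0x2A
FLAP_HEADER = struct.Struct(">BBHH")   # marker, channel, sequence, data length
TLV_HEADER = struct.Struct(">HH")      # TLV type, TLV length

# A few entries copied from the error-code table above (TLV type 0x0008).
AUTH_ERRORS = {
    0x0001: "Invalid nick or password",
    0x0002: "Service temporarily unavailable",
    0x0005: "Mismatch nick or password, re-enter",
    0x0011: "Suspended account",
    0x001D: "Rate limit exceeded. Please try to reconnect in a few minutes",
}

# The example dump from the page, FLAP header included.
SAMPLE = bytes.fromhex(
    "2A 04 C3 2C 00 16 00 01 00 06 37 37 37 37 37 37 "
    "00 08 00 02 00 05 00 0C 00 02 00 01"
)


class FrameError(ValueError):
    """Raised when a FLAP frame or TLV chain is malformed or truncated."""


def parse_flap(buf):
    """Split one FLAP frame off buf; return (channel, sequence, data, rest)."""
    if len(buf) < FLAP_HEADER.size:
        raise FrameError("short FLAP header")
    marker, channel, sequence, length = FLAP_HEADER.unpack_from(buf)
    if marker != FLAP_MARKER:
        raise FrameError("bad FLAP marker 0x%02x" % marker)
    end = FLAP_HEADER.size + length
    if end > len(buf):
        raise FrameError("FLAP length %d exceeds received data" % length)
    return channel, sequence, buf[FLAP_HEADER.size:end], buf[end:]


def parse_tlvs(data):
    """Walk a TLV chain; return [(type, value), ...] in wire order."""
    tlvs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < TLV_HEADER.size:
            raise FrameError("dangling bytes after last TLV")
        tlv_type, tlv_len = TLV_HEADER.unpack_from(data, offset)
        offset += TLV_HEADER.size
        if tlv_len > len(data) - offset:
            raise FrameError("TLV 0x%04x overruns the frame" % tlv_type)
        tlvs.append((tlv_type, data[offset:offset + tlv_len]))
        offset += tlv_len
    return tlvs


def decode_auth_failed(buf):
    """Decode a channel 0x04 AUTH_FAILED frame into a dict."""
    channel, sequence, data, _rest = parse_flap(buf)
    if channel != 0x04:
        raise FrameError("AUTH_FAILED arrives on channel 0x04, got 0x%02x" % channel)
    fields = {}
    for tlv_type, value in parse_tlvs(data):
        # Choice made for this example: the first occurrence of a type wins.
        fields.setdefault(tlv_type, value)
    raw_code = fields.get(0x0008)
    if raw_code is None or len(raw_code) != 2:
        raise FrameError("missing or mis-sized error code TLV 0x0008")
    code = int.from_bytes(raw_code, "big")
    return {
        "sequence": sequence,
        "screen_name": fields.get(0x0001, b"").decode("ascii", "replace"),
        "error_url": fields.get(0x0004, b"").decode("ascii", "replace"),
        "error_code": code,
        "error_text": AUTH_ERRORS.get(code, "code not in this subset"),
        "unknown_0x000c": fields.get(0x000C),
    }


if __name__ == "__main__":
    print(decode_auth_failed(SAMPLE))
```
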


== TLV Class: FLAP__SIGNON_TAGS ==
| This is a recent client that understands multiple instances but does not want them
|}
=== From Aleksandr Shutko: Detailed OSCAR login sequence description ===
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#4040FF >
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr>
<td><b><font color="white">&nbsp;OSCAR login&nbsp;</font></b></td>
<td width=40% align=right><b><font color="white">&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
<br>
<table width=640 cellSpacing=0 cellPadding=0 border=0 bgcolor=#E9E9E9>
<tr><td bgcolor=white>
<table width=100% cellSpacing=1 cellPadding=1 align=center border=0>
<tr>
<td bgcolor=#f0f0f0 width=120>&nbsp;<b>Login stage I:</b>&nbsp;</td>
<td bgcolor=#f0f0f0>&nbsp;<a href="#l0001">Authorization</a></td>
</tr>
<tr>
<td bgcolor=#f0f0f0>&nbsp;<b>Login stage II:</b>&nbsp;</td>
<td bgcolor=#f0f0f0>&nbsp;<a href="#l0002">Protocol negotiation </a></td>
</tr>
<tr>
<td bgcolor=#f0f0f0>&nbsp;<b>Login stage III:</b>&nbsp;</td>
<td bgcolor=#f0f0f0>&nbsp;<a href="#l0003">Services setup</a></td>
</tr>
<tr>
<td bgcolor=#f0f0f0>&nbsp;<b>Login stage IV:</b>&nbsp;</td>
<td bgcolor=#f0f0f0>&nbsp;<a href="#l0004">Final actions</a></td>
</tr>
<tr>
<td bgcolor=#f0f0f0>&nbsp;<b>Example #1:</b>&nbsp;</td>
<td bgcolor=#f0f0f0>&nbsp;[[Protocols/OSCAR/Sign_On/BUCP|Login with MD5 based authorization]]</td>
</tr>
<tr>
<td bgcolor=#f0f0f0>&nbsp;<b>Example #2:</b>&nbsp;</td>
<td bgcolor=#f0f0f0>&nbsp;[[Protocols/OSCAR/Sign_On/FLAP|Login with channel 0x01 based authorization]]</td>
</tr>
</table>
</td></tr>
</table>
<br>
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td  bgcolor=#E9E9E9 >
<table width=100% cellSpacing=0 cellPadding=0 bgcolor="#4040FF" border=0>
<tr>
<td><b><font size=2 color="white">&nbsp;<a name="L0001"></a>Login stage I: Authorization&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
<tr><td  bgcolor=#E9E9E9 >
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr><td colspan=3 height=5></td></tr>
<tr><td width=5>&nbsp;</td>
<td>
&nbsp;&nbsp;&nbsp;&nbsp;
Currently there are two ways to pass authentication in the OSCAR protocol. The first is
FLAP channel 0x01 authorization (password not crypted but roasted), the second is MD5
based, where the password is MD5 crypted. In both ways the server could return an error or
authorization cookie + BOS address. Here are both auth sequences (client&lt;-&gt;server):
<br><br>
<table width=100% cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td width=20></td>
<td>
<table width=500 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#7070D0>
<b><font size=2 color=white>&nbsp;1. Channel 0x01 authorization (success)</font></b></td></tr>
<tr><td bgcolor=#E5E5E5>
<table width=500 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 width=40 valign=top>&nbsp;&nbsp;<b>&lt;&gt;</b></td>
<td bgcolor=#f9f9f9 width=110 valign=top>&nbsp;&nbsp;<b>connect</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client connects to authorizer server</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On/FLAP|cli_ident]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client sends login request</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On/FLAP#FLAP_FRAME_SIGNOFF|srv_cookie]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server replies with BOS address / cookie</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>disconnect</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client disconnects from authorizer</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td></tr>
</table>
<br>
<table width=100% cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td width=20></td>
<td>
<table width=500 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#7070D0><b><font size=2 color=white>&nbsp;2. MD5 based authorization</font></b></td></tr>
<tr><td  bgcolor=#E5E5E5 >
<table width=500 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 width=40 valign=top>&nbsp;&nbsp;<b>&lt;&gt;</b></td>
<td bgcolor=#f9f9f9 width=110 valign=top>&nbsp;&nbsp;<b>connect</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client connects to authorizer server</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_06|SNAC(17,06)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client sends md5-authkey request</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_07|SNAC(17,07)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends md5-authkey string</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_02|SNAC(17,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client sends authorization request</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_17_03|SNAC(17,03)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends authorization reply</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>disconnect</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client disconnects from authorizer</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td></tr>
</table>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;
In channel 0x01 authorization the server may replace the
[[Protocols/OSCAR/Sign_On/FLAP#FLAP_FRAME_SIGNOFF|srv_cookie]] packet reply with an
[[Protocols/OSCAR/Sign_On#From_Aleksandr_Shutko:_AUTH_FAILED:_server_authorization_failed_response|auth_failed]] packet, which contains the authorization
error code. In the MD5 based authorization sequence the server always replies via
[[Protocols/OSCAR/SNAC_17_03|SNAC(17,03)]], which may contain cookie / BOS address
or authorization error code.<br><br>
&nbsp;&nbsp;&nbsp;&nbsp;
When the authorization sequence successfully finishes, the client has the authorization cookie,
IP address and port of the BOS server. At this point it should disconnect from the
authorizer and connect to BOS. This is the point where login stage II (protocol
negotiation) starts.<br><br>
</td>
<td width=15></td></tr>
</table>
</td></tr>
</table>
</td></tr></table>
<br>
<table width=640 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td>
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#E9E9E9>
<table width=100% cellSpacing=0 cellPadding=0 bgcolor="#4040FF" border=0>
<tr>
<td><b><font size=2 color="white">&nbsp;<a name="L0002"></a>Login stage II: Protocol negotiation&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
<tr><td bgcolor=#E9E9E9>
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr><td colspan=3 height=5></td></tr>
<tr><td width=5>&nbsp;</td>
<td>
&nbsp;&nbsp;&nbsp;&nbsp;
After authorization the client should extract the BOS server/auth cookie from the reply
packet, connect to BOS and send the cookie via a special FLAP channel 0x01
packet named [[Protocols/OSCAR/Sign_On#Stage_2:_Connecting_to_BOSS|cli_cookie]]. In reply the server will return the list of
supported services - [[Protocols/OSCAR/SNAC_01_03|SNAC(01,03)]]. Then the client
should ask for the version numbers of the services it needs using
[[Protocols/OSCAR/SNAC_01_17|SNAC(01,17)]]. After that the client will receive the services
version numbers the server has - [[Protocols/OSCAR/SNAC_01_18|SNAC(01,18)]]. Note that
the client should never send SNACs to services not listed in SNAC(01,03). It should
use the service request [[Protocols/OSCAR/SNAC_01_04|SNAC(01,04)]] instead.<br><br>
<table width=100% cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td width=20></td>
<td>
<table width=500 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#7070D0><b><font size=2 color=white>&nbsp;Protocol negotiation</font></b></td></tr>
<tr><td  bgcolor=#E5E5E5 >
<table width=500 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 width=40 valign=top>&nbsp;&nbsp;<b>&lt;&gt;</b></td>
<td bgcolor=#f9f9f9 width=110 valign=top>&nbsp;&nbsp;<b>connect</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client connects to BOS server</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/Sign_On#Stage_2:_Connecting_to_BOSS|cli_cookie]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client sends cookie</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_03|SNAC(01,03)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends supported services list</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_17|SNAC(01,17)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks for services version numbers</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_18|SNAC(01,18)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends its services version numbers</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td></tr>
</table>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;
After negotiation the client should set up the current connection. It requests
rate limitations information via [[Protocols/OSCAR/SNAC_01_06|SNAC(01,06)]].
Then the server will return connection rate limitations info -
[[Protocols/OSCAR/SNAC_01_07|SNAC(01,07)]]. At this point the client starts calculating
its rate level on every SNAC it sends. The server rate limitations information SNAC
should be acked using [[Protocols/OSCAR/SNAC_01_08|SNAC(01,08)]]. Now the connection
is ready.<br><br>
<table width=100% cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td width=20></td>
<td>
<table width=500 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#7070D0><b><font size=2 color=white>&nbsp;Protocol negotiation</font></b></td></tr>
<tr><td  bgcolor=#E5E5E5 >
<table width=500 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_06|SNAC(01,06)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks server for rate limits info</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_07|SNAC(01,07)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends rate limits information</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_08|SNAC(01,08)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client acks connection rate limits</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td></tr>
</table>
<br>
</td>
<td width=15></td></tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td>
</tr>
</table>
<br>
<table width=640 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td>
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#E9E9E9>
<table width=100% cellSpacing=0 cellPadding=0 bgcolor="#4040FF" border=0>
<tr>
<td><b><font size=2 color="white">&nbsp;<a name="L0003"></a>Login stage III: Services setup&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
<tr><td  bgcolor=#E9E9E9 >
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr><td colspan=3 height=5></td></tr>
<tr><td width=5>&nbsp;</td>
<td>
&nbsp;&nbsp;&nbsp;&nbsp;
Most of the services have limitations which you can request via SNAC(xx,02). For
example the client should know max_contact_buddies for the BLM service. The ICBM service
has default message limits and the client can change them as needed. The client should
also send its capabilities list to the Location service.
<br><br>
<table width=100% cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td width=20></td>
<td>
<table width=500 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#7070D0><b><font size=2 color=white>&nbsp;Protocol negotiation</font></b></td></tr>
<tr><td  bgcolor=#E5E5E5 >
<table width=500 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_02|SNAC(02,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks server for location service limitations</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_03|SNAC(02,03)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server replies with location service limitations</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_02_04|SNAC(02,04)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client sends its [[Protocols/OSCAR/UUIDs|capabilities]] / profile to server</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_03_02|SNAC(03,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks server for BLM service limitations</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_03_03|SNAC(03,03)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server replies with BLM service limitations</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_04|SNAC(04,04)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks server for ICBM service parameters</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_05|SNAC(04,05)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends ICBM service parameters to client</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_04_02|SNAC(04,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client command to change default ICBM parameters</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_09_02|SNAC(09,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks server for PRM service limitations</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_09_03|SNAC(09,03)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends PRM service limitations to client</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_02|SNAC(13,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client asks server for SSI service limitations</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_03|SNAC(13,03)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server sends SSI service limitations to client</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_05|SNAC(13,05)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client checks if its local SSI copy is up-to-date</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&lt;&lt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_0F|SNAC(13,0F)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Server tells client its local copy is up-to-date</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_13_07|SNAC(13,07)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client activates server SSI data</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td></tr>
</table>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;
Note that this order is not strict: the client can send several requests and then
wait for the replies, but it should keep the rate limitations in mind.<br><br>
</td>
<td width=15></td></tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td>
</tr>
</table>
<br>
<table width=640 cellSpacing=0 cellPadding=0 border=0>
<tr>
<td>
<table width=640 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#E9E9E9>
<table width=100% cellSpacing=0 cellPadding=0 bgcolor="#4040FF" border=0>
<tr>
<td><b><font size=2 color="white">&nbsp;<a name="L0004"></a>Login stage IV: Final actions&nbsp;</font></b></td>
</tr>
</table>
</td></tr>
<tr><td bgcolor=#E9E9E9>
<table width=100% cellSpacing=0 cellPadding=0 border=0>
<tr><td colspan=3 height=5></td></tr>
<tr><td width=5>&nbsp;</td>
<td>
&nbsp;&nbsp;&nbsp;&nbsp;
These are the last login actions you should perform. At this stage an ICQ client sets its
DC information and status on the main connection via
[[Protocols/OSCAR/SNAC_01_1E|SNAC(01,1E)]]. The login sequence finishes with the client ready
[[Protocols/OSCAR/SNAC_01_02|SNAC(01,02)]], which contains version/build numbers for
the protocol DLLs.
<br><br>
<table width=100% cellSpacing=0 cellPadding=0 align=center border=0>
<tr><td width=20></td>
<td>
<table width=500 bgcolor=darkblue cellSpacing=0 cellPadding=0 border=0><tr><td>
<table width=100% cellSpacing=2 cellPadding=0 border=0><tr><td bgcolor=#7070D0><b><font size=2 color=white>&nbsp;Final actions</font></b></td></tr>
<tr><td bgcolor=#E5E5E5>
<table width=500 cellSpacing=1 cellPadding=1 border=0>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_1E|SNAC(01,1E)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client sends its DC info and status to server</td>
</tr>
<tr>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>&gt;&gt;</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;<b>[[Protocols/OSCAR/SNAC_01_02|SNAC(01,02)]]</b></td>
<td bgcolor=#f9f9f9 valign=top>&nbsp;&nbsp;Client READY command</td>
</tr>
</table>
</td></tr>
</table>
</td></tr></table>
</td></tr>
</table>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;
After the SNAC(01,02) client command, the server starts broadcasting the client's presence to its
buddies and the client starts receiving messages and presence notifications. An ICQ
client should also [[Protocols/OSCAR/Foodgroups/ICQ/Offline_Messages_Sequence|check]] for offline
messages.
<br><br>
</td>
<td width=15></td></tr>
</table>
</td></tr></table>
</td></tr></table>
</td></tr></table>


[[Category:With_Contrib]]
[[Category:Stub]]
[[Category:AOL]]

Latest revision as of 09:03, 20 February 2021



NINA clients (AIM, ICQ, et al) have several ways to authenticate and sign on to the network. While AOL may have discontinued all legacy methods, we have brought them back so that all clients and other software that may interact with the network will be fully functional.

This page provides an overview of all of the available methods, primarily from the perspective of the sequence of events and linking to pages with further information.

Stage 1: Initial Authorization

Over the years, the NINA/ICQ/AIM backend has supported several different methods for authentication. Until the NINA project began taking over the responsibility for the OSCAR protocol, the only publicly supported login method was clientLogin.

We actually support all authentication methods, even legacy ones, in order to support the full range of clients. Due to complexity and level of detail, each method has been separated into sub-articles.

FLAP
This is the oldest method of sign on, used prior to AIM 3.5. It is not to be confused with the FLAP-level sign on for BOSS and other services.
BUCP
This method is used from AIM 3.5 to AIM 5.9, for ICQ, and can be wrapped in TLS.
UAS
Kerberos-based authentication is used in AIM 6+.
clientLogin
This web-based login can be used by both OSCAR clients and WebAPI clients.

Stage 2: Connecting to BOSS

Connect to the host and port (optionally over TLS) provided in the previous step, regardless of the method by which it was obtained.

Step #1 - Send FLAP SIGNON Frame

Once connected, the client should send a FLAP__FRAME_SIGNON with the login cookie and any version information it would like to provide.

Size  Field                      Value
u08   flapHeader.startMarker     '*'
u08   flapHeader.frameType       0x01 (FLAP__FRAME_SIGNON)
u16   flapHeader.sequenceNumber  XX
u16   flapHeader.payloadLength   YY
u32   version                    0x01
u16   tlvs[0].tag                0x06 (FLAP__SIGNON_TAGS_LOGIN_COOKIE)
u16   tlvs[0].len                0x100
blob  tlvs[0].value              base64 decoded $cookie value from Step #2
u16   tlvs[1].tag                0x4A (OSERVICE__MULTICONN_FLAGS)
u16   tlvs[1].len                0x01
u08   tlvs[1].value              0x01
  1. It should then listen for a FLAP__FRAME_SIGNON from BOSS before continuing.
  2. Once it has received the FLAP__FRAME_SIGNON, the client can start sending SNAC messages to the server.


From Aleksandr Shutko: CLI_COOKIE: server BOS login request

CLI_COOKIE   


The client uses this to log in to the BOS server. This packet contains the cookie received during authorization. The client should send it on FLAP channel 0x01. See also login sequence info.

 00 00 00 01 dword protocol version number


 00 06   word   TLV.Type(0x06) - authorization cookie
 xx xx   word   TLV.Length
 xx ..   array   authorization cookie
may contain other tlv from the following list (+).


Example SNAC dump with flap header:


  2A 01 10 1F 01 08 00 00 00 01 00 06 01 00 37 37 *.............77
  37 37 37 37 3F 29 44 42 7B 43 31 34 65 32 44 61 7777?)DB.C14e2Da
  31 44 42 66 65 34 42 30 32 30 30 44 61 44 44 39 1DBfe4B0200DaDD9
  42 35 63 32 35 42 63 33 30 64 44 61 32 66 33 66 B5c25Bc30dDa2f3f
  38 63 36 32 65 35 63 7C 65 38 40 41 41 41 41 41 8c62e5c.e8@AAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
  41 41 41 41 41 41 41 41 41 41 41 41 41 41       AAAAAAAAAAAAAA

Stage 3: Going Online

Once the connection has been established and the FLAP signon frames have been exchanged, the client can start sending SNACs to the server.

Step 1: Rights Requests

Usually the first things the client sends are all the rights queries and a FEEDBAG__QUERY SNAC. It can and should send all these requests in parallel for a quicker login experience.

  1. Client queries the BUDDY foodgroup for rights: BUDDY__RIGHTS_QUERY
  2. Query the PD foodgroup rights: PD_RIGHTS_QUERY
  3. Query the LOCATE foodgroup rights: LOCATE_RIGHTS_QUERY
  4. Query the FEEDBAG foodgroup rights: FEEDBAG_RIGHTS_QUERY
  5. Query what the Buddy List and preferences are: FEEDBAG_QUERY

Step 2: FEEDBAG Use and Client Online

Once all the rights replies and feedbag replies are received, it is time to tell the server that the client is ready to proceed.

  1. First tell the server that the feedbag looks OK and the client is ready to use it: FEEDBAG_USE
  2. Next we tell the server we are ready to appear online to everyone else, along with our version numbers: OSERVICE_CLIENT_ONLINE

Step 3: Online

The client is now considered online, visible to other users, and will start to receive BUDDY__ARRIVED for any online buddies.

Next steps:


From Aleksandr Shutko: Detailed OSCAR login sequence description

 Login sequence   


  <>   Auth connect
  >>   cli_ident
  <<   srv_cookie
  <>   Auth disconnect
  <>   BOS connect
  >>   cli_cookie
  <<   SNAC(01,03)
  >>   SNAC(01,17)
  <<   SNAC(01,18)
  >>   SNAC(01,06)
  <<   SNAC(01,07)
  >>   SNAC(01,08)
  >>   SNAC(13,02)
  >>   SNAC(13,05)
  >>   SNAC(02,02)
  >>   SNAC(03,02)
  >>   SNAC(04,04)
  >>   SNAC(09,02)
  <<   SNAC(02,03)
  <<   SNAC(03,03)
  <<   SNAC(04,05)
  <<   SNAC(09,03)
  <<   SNAC(13,03)
  <<   SNAC(13,0F)
  >>   SNAC(13,07)
  >>   SNAC(02,04)
  >>   SNAC(04,02)
  >>   SNAC(01,1E)
  >>   SNAC(01,02)


From Aleksandr Shutko: Detailed OSCAR login sequence description

 Login sequence   


  <>   Auth connect
  >>   SNAC(17,06)
  <<   SNAC(17,07)
  >>   SNAC(17,02)
  <<   SNAC(17,03)
  <>   Auth disconnect
  <>   BOS connect
  >>   cli_cookie
  <<   SNAC(01,03)
  >>   SNAC(01,17)
  <<   SNAC(01,18)
  >>   SNAC(01,06)
  <<   SNAC(01,07)
  >>   SNAC(01,08)
  >>   SNAC(13,02)
  >>   SNAC(13,05)
  >>   SNAC(02,02)
  >>   SNAC(03,02)
  >>   SNAC(04,04)
  >>   SNAC(09,02)
  <<   SNAC(02,03)
  <<   SNAC(03,03)
  <<   SNAC(04,05)
  <<   SNAC(09,03)
  <<   SNAC(13,03)
  <<   SNAC(13,0F)
  >>   SNAC(13,07)
  >>   SNAC(02,04)
  >>   SNAC(04,02)
  >>   SNAC(01,1E)
  >>   SNAC(01,02)

FLAP Login Sign On Errors (Temp)

Standard Format Login Errors during Phase 1

These occur in response to the initial Phase 1 login command sent from the client. All Standard Format login errors follow this format. This error command is always in the Command Family 0x04. All variable-length strings are assumed to be 1 byte long when computing position numbers.

Position  Data Size      Data
1         Word           0x0001
3         Word           Screen Name Length (not including null)
5         ASCIIZ String  Screen Name that failed (null-terminated)
6         Byte           0x04
7         Word           Error Message URL Length (not including null)
9         ASCIIZ String  Error Message URL (null-terminated)
10        Byte           0x08
11        Byte           0x00
12        Byte           0x02
13        Word           Specific Error Code

The current list of known "Specific Error Code"s:

Specific Error Code  Error Msg URL                                               Meaning
0x0001               http://www.aim.aol.com/errors/UNREGISTERED_SCREENNAME.html  Invalid Screen Name
0x0005               http://www.aim.aol.com/errors/MISMATCH_PASSWD.html          SN/Password Mismatch (Invalid Password)


From Aleksandr Shutko: AUTH_FAILED: server authorization failed response

AUTH_FAILED   


This is the server error reply to the cli_ident packet. It contains an authorization error code (see list below). It always comes on FLAP channel 0x04. See also channel 0x01 authorization sequence info. Here is the list of known authorization error codes:

  0x0001   Invalid nick or password
  0x0002   Service temporarily unavailable
  0x0003   All other errors
  0x0004   Incorrect nick or password, re-enter
  0x0005   Mismatch nick or password, re-enter
  0x0006   Internal client error (bad input to authorizer)
  0x0007   Invalid account
  0x0008   Deleted account
  0x0009   Expired account
  0x000A   No access to database
  0x000B   No access to resolver
  0x000C   Invalid database fields
  0x000D   Bad database status
  0x000E   Bad resolver status
  0x000F   Internal error
  0x0010   Service temporarily offline
  0x0011   Suspended account
  0x0012   DB send error
  0x0013   DB link error
  0x0014   Reservation map error
  0x0015   Reservation link error
  0x0016   The users num connected from this IP has reached the maximum
  0x0017   The users num connected from this IP has reached the maximum (reservation)
  0x0018   Rate limit exceeded (reservation). Please try to reconnect in a few minutes
  0x0019   User too heavily warned
  0x001A   Reservation timeout
  0x001B   You are using an older version of ICQ. Upgrade required
  0x001C   You are using an older version of ICQ. Upgrade recommended
  0x001D   Rate limit exceeded. Please try to reconnect in a few minutes
  0x001E   Can't register on the ICQ network. Reconnect in a few minutes
  0x0020   Invalid SecurID
  0x0022   Account suspended because of your age (age < 13)



 00 01   word   TLV.Type(0x01) - screen name (uin)
 xx xx   word   TLV.Length
 xx ..   string   Screen name (uin)
 00 04   word   TLV.Type(0x04) - error page description url
 xx xx   word   TLV.Length
 xx ..   string (ascii)   error description page url string
 00 08   word   TLV.Type(0x08) - authorization error
 00 02   word   TLV.Length
 xx xx   word   Authorization error code (see above)


 00 0C   word   TLV.Type(0x0C) - unknown
 00 02   word   TLV.Length
 xx xx   word   unknown field
 May contain other tlv from the following list


Example SNAC dump with flap header:


  2A 04 C3 2C 00 16 00 01 00 06 37 37 37 37 37 37 *..,......777777
  00 08 00 02 00 05 00 0C 00 02 00 01             ............
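
The FLAP signon frame from Stage 2 (cli_cookie) and the AUTH_FAILED reply above use the same FLAP header and TLV chain, so one strict parser covers both. The following is an added example, not code from the NINA project or from Shutko's documentation: the function and constant names are assumptions, the AUTH_FAILED bytes are the dump shown above, and the 256-byte cookie in the test is constructed.

```python
import struct

FLAP_START = 0x2A      # '*' start marker
CH_SIGNON = 0x01       # FLAP__FRAME_SIGNON, carries cli_cookie
CH_AUTH_ERROR = 0x04   # channel on which AUTH_FAILED arrives
TAG_SCREEN_NAME, TAG_COOKIE, TAG_AUTH_ERROR, TAG_MULTICONN = 0x01, 0x06, 0x08, 0x4A

# A few entries from the authorization error code list above.
AUTH_ERRORS = {0x0001: "Invalid nick or password",
               0x0005: "Mismatch nick or password, re-enter",
               0x0018: "Rate limit exceeded (reservation)"}

# The AUTH_FAILED example dump from this page.
AUTH_FAILED_DUMP = bytes.fromhex(
    "2A 04 C3 2C 00 16 00 01 00 06 37 37 37 37 37 37 "
    "00 08 00 02 00 05 00 0C 00 02 00 01")


class FrameError(ValueError):
    """Malformed frame; a server or client should drop it rather than guess."""


def parse_flap(frame):
    """Return (frame_type, sequence, payload) after checking marker and length."""
    if len(frame) < 6:
        raise FrameError("short FLAP header")
    marker, ftype, seq, plen = struct.unpack_from(">BBHH", frame, 0)
    if marker != FLAP_START:
        raise FrameError("bad start marker 0x%02X" % marker)
    if plen != len(frame) - 6:
        raise FrameError("payloadLength %d != %d bytes present" % (plen, len(frame) - 6))
    return ftype, seq, frame[6:]


def parse_tlvs(buf):
    """Parse a TLV chain into {tag: value}; a repeated tag keeps its last value.
    Any TLV whose length field runs past the buffer is rejected."""
    tlvs, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise FrameError("truncated TLV header at offset %d" % pos)
        tag, length = struct.unpack_from(">HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise FrameError("TLV 0x%04X claims %d bytes, %d left" % (tag, length, len(buf) - pos))
        tlvs[tag] = buf[pos:pos + length]
        pos += length
    return tlvs


def build_signon(seq, cookie, multiconn=0x01):
    """Build the signon frame: u32 version, cookie TLV 0x06, multiconn TLV 0x4A."""
    payload = struct.pack(">I", 1)
    payload += struct.pack(">HH", TAG_COOKIE, len(cookie)) + cookie
    payload += struct.pack(">HHB", TAG_MULTICONN, 1, multiconn)
    return struct.pack(">BBHH", FLAP_START, CH_SIGNON, seq, len(payload)) + payload


def parse_signon(frame):
    """Server-side view of the signon frame: returns (version, tlv dict)."""
    ftype, _, payload = parse_flap(frame)
    if ftype != CH_SIGNON or len(payload) < 4:
        raise FrameError("not a signon frame")
    return struct.unpack_from(">I", payload, 0)[0], parse_tlvs(payload[4:])


def parse_auth_failed(frame):
    """Client-side view of AUTH_FAILED: returns (screen_name, code, meaning)."""
    ftype, _, payload = parse_flap(frame)
    if ftype != CH_AUTH_ERROR:
        raise FrameError("AUTH_FAILED must arrive on channel 0x04")
    tlvs = parse_tlvs(payload)
    raw = tlvs.get(TAG_AUTH_ERROR)
    if raw is None or len(raw) != 2:
        raise FrameError("missing or malformed error code TLV 0x08")
    code = struct.unpack(">H", raw)[0]
    name = tlvs.get(TAG_SCREEN_NAME, b"").decode("ascii", "replace")
    return name, code, AUTH_ERRORS.get(code, "unlisted code")
```

Both checks matter on the receiving side: the FLAP payloadLength must match the bytes actually present, and every TLV length must fit inside that payload before the value is sliced.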

TLV Class: FLAP__SIGNON_TAGS

These tags are used in the FLAP signon frame to BOS. They appear right after the 4 byte version number.

@MAKE NOTE: Difference between ones used if BUCP is in use and ones if clientLogin or w/e was used

Name                                 Tag   Type           Notes
OSERVICE__TLV_TAGS_CLIENT_IDENTITY   0x03  string         Yet another client name
OSERVICE__TLV_TAGS_LOGIN_COOKIE      0x06  blob           Login cookie returned by startOSCARSession
OSERVICE__TLV_TAGS_MAJOR_VERSION     0x17  uint16 (word)  Client major version: (1) if the client version is "1.2.3"
OSERVICE__TLV_TAGS_MINOR_VERSION     0x18  uint16 (word)  Client minor version: (2) if the client version is "1.2.3"
OSERVICE__TLV_TAGS_POINT_VERSION     0x19  uint16 (word)  Client point version: (3) if the client version is "1.2.3"
OSERVICE__TLV_TAGS_BUILD_NUM         0x1A  uint16 (word)  Client build number, usually monotonically increasing
OSERVICE__TLV_TAGS_MULTICONN_LEVEL   0x4A  uint8 (byte)   [Class: OSERVICE__MULTICONN_FLAGS] Should almost always be 0x01
OSERVICE__TLV_TAGS_CLIENT_RECONNECT  0x94  uint8 (byte)   Client claims it is reconnecting because it got knocked off

Class: OSERVICE__MULTICONN_FLAGS

These flags control how multiple instances are handled by the servers and if current sessions need to be bumped off when a new session signs on.

Name                                  Value  Notes
OSERVICE__MULTICONN_LEVEL_OLD_CLIENT  0x00   Don't use
OSERVICE__MULTICONN_LEVEL_MULTI       0x01   This is a recent client that understands multiple instances
OSERVICE__MULTICONN_LEVEL_SINGLE      0x03   This is a recent client that understands multiple instances but does not want them

From Aleksandr Shutko: Detailed OSCAR login sequence description

 OSCAR login   


 Login stage I:   Authorization
 Login stage II:   Protocol negotiation
 Login stage III:   Services setup
 Login stage IV:   Final actions
 Example #1:   Login with MD5 based authorization
 Example #2:   Login with channel 0x01 based authorization


 Login stage I: Authorization
 

     Currently there are two ways to pass authentication in the OSCAR protocol. The first is FLAP channel 0x01 authorization (password not crypted but roasted); the second is MD5 based, where the password is MD5 crypted. In both cases the server can return an error or an authorization cookie + BOS address. Here are both auth sequences (client<->server):

 1. Channel 0x01 authorization (success)
  <>   connect   Client connects to authorizer server
  >>   cli_ident   Client sends login request
  <<   srv_cookie   Server replies with BOS address / cookie
  <>   disconnect   Client disconnects from authorizer


 2. MD5 based authorization
  <>   connect   Client connects to authorizer server
  >>   SNAC(17,06)   Client sends md5-authkey request
  <<   SNAC(17,07)   Server sends md5-authkey string
  >>   SNAC(17,02)   Client sends authorization request
  <<   SNAC(17,03)   Server sends authorization reply
  <>   disconnect   Client disconnects from authorizer


     In channel 0x01 authorization the server may replace the srv_cookie reply packet with an auth_failed packet, which contains an authorization error code. In the MD5 based authorization sequence the server always replies with SNAC(17,03), which may contain the cookie / BOS address or an authorization error code.

     When the authorization sequence finishes successfully, the client has the authorization cookie and the IP address and port of the BOS server. At this point it should disconnect from the authorizer and connect to BOS. This is the point where login stage II (protocol negotiation) starts.


 Login stage II: Protocol negotiation
 

     After authorization the client should extract the BOS server address and auth cookie from the reply packet, connect to BOS and send the cookie via a special FLAP channel 0x01 packet named cli_cookie. In reply the server will return the list of supported services - SNAC(01,03). Then the client should ask for the version numbers of the services it needs using SNAC(01,17). After that the client will receive the service version numbers the server has - SNAC(01,18). Note that the client should never send SNACs to services not listed in SNAC(01,03). It should use the service request SNAC(01,04) instead.

 Protocol negotiation
  <>   connect   Client connects to BOS server
  >>   cli_cookie   Client sends cookie
  <<   SNAC(01,03)   Server sends supported services list
  >>   SNAC(01,17)   Client asks for services version numbers
  <<   SNAC(01,18)   Server sends its services version numbers


     After negotiation the client should set up the current connection. It requests rate limitations information via SNAC(01,06). The server then returns the connection rate limitations info - SNAC(01,07). At this point the client starts calculating its rate level on every SNAC it sends. The server's rate limitations information SNAC should be acked using SNAC(01,08). Now the connection is ready.

 Protocol negotiation
  >>   SNAC(01,06)   Client asks server for rate limits info
  <<   SNAC(01,07)   Server sends rate limits information
  >>   SNAC(01,08)   Client acks connection rate limits



 Login stage III: Services setup
 

     Most of the services have limitations which you can request via SNAC(xx,02). For example, the client should know max_contact_buddies for the BLM service. The ICBM service has default message limits, and the client can change them as needed. The client should also send its capabilities list to the Location service.

 Protocol negotiation
  >>   SNAC(02,02)   Client asks server for location service limitations
  <<   SNAC(02,03)   Server replies with location service limitations
  >>   SNAC(02,04)   Client sends its capabilities / profile to server
  >>   SNAC(03,02)   Client asks server for BLM service limitations
  <<   SNAC(03,03)   Server replies with BLM service limitations
  >>   SNAC(04,04)   Client asks server for ICBM service parameters
  <<   SNAC(04,05)   Server sends ICBM service parameters to client
  >>   SNAC(04,02)   Client command to change default ICBM parameters
  >>   SNAC(09,02)   Client asks server for PRM service limitations
  <<   SNAC(09,03)   Server sends PRM service limitations to client
  >>   SNAC(13,02)   Client asks server for SSI service limitations
  <<   SNAC(13,03)   Server sends SSI service limitations to client
  >>   SNAC(13,05)   Client checks if its local SSI copy is up-to-date
  <<   SNAC(13,0F)   Server tells client its local copy is up-to-date
  >>   SNAC(13,07)   Client activates server SSI data


     Note that this order is not strict: the client can send several requests and then wait for the replies, but it should keep the rate limitations in mind.


 Login stage IV: Final actions
 

     These are the last login actions you should perform. At this stage an ICQ client sets its DC information and status on the main connection via SNAC(01,1E). The login sequence finishes with the client ready SNAC(01,02), which contains version/build numbers for the protocol DLLs.

 Final actions
  >>   SNAC(01,1E)   Client sends its DC info and status to server
  >>   SNAC(01,02)   Client READY command


     After the SNAC(01,02) client command, the server starts broadcasting the client's presence to its buddies and the client starts receiving messages and presence notifications. An ICQ client should also check for offline messages.