Protocols/MSNP/MSNP15/TicketTokens
| MSNP Protocol |
| Version 15 |
| General |
| Overview • Changes |
| Single Sign-On • Ticket Tokens |
| New Features |
| Locations |
| Roaming Content |
| Overview |
| Introduction • Terms • Clients |
| Reference |
| Error List • Commands • Relying Party Suite • Spotlife |
| Services |
| XMPP • HTTP Gateway • Tabs • Activities |
| Documentation |
| Development Tools • MSNP Grid |
| Polygamy • URLs used by MSN |
| Documents |
| Protocol Versions |
| Version 21 |
| Version 18 |
| Version 16 |
| Version 15 |
| Version 14 |
| Version 13 |
| Version 12 |
| Version 11 |
| Version 9 |
| Version 8 |
| Version 2 |
| MSNC |
| Introduction • P2P • Object Descriptor • Display Pictures • File Transfer |
| Scenarios |
| Microsoft Messenger for Mac |
| MSNP on WebTV (MSNTV) |
Ticket Tokens
With the use of Ticket Tokens, you no longer have to depend on MSNPAuth to perform contact list related commands, which means you can perform changes without having to login to the service network , you can simply go through the first login processes (VER,CVR , USR) and the SSO process , without having to reply to the USR.
Security Token Request
You must add the following request when authenticating with SSO:
<wst:RequestSecurityToken Id="RST#"> <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType> <wsp:AppliesTo> <wsa:EndpointReference> <wsa:Address>contacts.msn.com</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wsse:PolicyReference URI="?fs=1&id=24000&kv=9&rn=93S9SWWw&tw=0&ver=2.1.6000.1"> </wsse:PolicyReference> </wst:RequestSecurityToken>
This assumes you already know how to login, use instead of # the corresponding number to your security token request. As you see the referenced site is contacts.msn.com , which will let you have the token you can use to perform changes or get lists.
The Reply Will Look Something Like This:
<wst:RequestedSecurityToken> <wsse:BinarySecurityToken Id="Compact#">t=RwyZZAkmFsHiK+GCv...&p=</wsse:BinarySecurityToken> </wst:RequestedSecurityToken>
The given ticket can be used to do any SOAP request related to contacts.msn.com (ex: membership lists, address book, updates, changes etc...)
How To Use The Ticket Token
Like i said you are no longer forced to use MSPAuth as a cookie in the POST request you can use TicketToken instead in the following way after the ABAuthHeader in the Body of the soap request:
<ABAuthHeader xmlns="http://www.msn.com/webservices/AddressBook"> <ManagedGroupRequest>false</ManagedGroupRequest> <TicketToken>t=RwyZZAkmFsHiK+GCv...&p=</TicketToken> </ABAuthHeader>
If the ticket token was accepted you will receive a 200 OK message and the request would be successful. If not , Error 7 will be returned along with of course 501 internal server error saying invalid or wrong Token String MBI.