Protocols/MSNP/MSNP15/TicketTokens

From NINA Wiki
Revision as of 00:23, 29 May 2020 by AD (talk | contribs) (1 revision imported)
Jump to navigation Jump to search
MSN Protocol Version 15


Ticket Tokens

With the use of Ticket Tokens , you no longer have to depend on MSNPAuth to perform contact list related commands, which means you can perform changes without having to login to the service network , you can simply go through the first login processes (VER,CVR , USR) and the SSO process , without having to reply to the USR.

Security Token Request

You must add the following request when authenticating with SSO:

<wst:RequestSecurityToken Id="RST#">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo>
<wsa:EndpointReference>
<wsa:Address>contacts.msn.com</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wsse:PolicyReference URI="?fs=1&id=24000&kv=9&rn=93S9SWWw&tw=0&ver=2.1.6000.1">
</wsse:PolicyReference>
</wst:RequestSecurityToken>

This assumes you already know how to login, use instead of # the corresponding number to your security token request. As you see the referenced site is contacts.msn.com , which will let you have the token you can use to perform changes or get lists.

The Reply Will Look Something Like This:

<wst:RequestedSecurityToken>
<wsse:BinarySecurityToken Id="Compact#">t=RwyZZAkmFsHiK+GCv...&p=</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>

The given ticket can be used to do any SOAP request related to contacts.msn.com (ex: membership lists, address book, updates, changes etc...)

How To Use The Ticket Token

Like i said you are no longer forced to use MSPAuth as a cookie in the POST request you can use TicketToken instead in the following way after the ABAuthHeader in the Body of the soap request:

<ABAuthHeader xmlns="http://www.msn.com/webservices/AddressBook">
<ManagedGroupRequest>false</ManagedGroupRequest>
<TicketToken>t=RwyZZAkmFsHiK+GCv...&p=</TicketToken>
</ABAuthHeader>

If the ticket token was accepted you will receive a 200 OK message and the request would be successful. If not , Error 7 will be returned along with of course 501 internal server error saying invalid or wrong Token String MBI.

Command References

MSNP15 SSO