-
Notifications
You must be signed in to change notification settings - Fork 4
Authentication
There's lots of ways to authenticate.
Microsoft accounts are the ones that look like email addresses, previously known as "passport", and have many similarities with previous MSN login methods.
Open a browser to
https://login.live.com/oauth20_authorize.srf?client_id=00000000480BC46C&scope=service::skype.com::MBI_SSL&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf
Allow the user to log in as normal. When they're done, the browser will be redirected to https://login.live.com/oauth20_desktop.srf with an enormous fragment. The fragment might be useful, but what the webclient requires is the three cookies MSPAuth, MSPProf, WLSSC.
This is the method that the skype clients use for microsoft account - note that this client ID is the only one with access to the service::skype.com::MBI_SSL scope (as far as we know), previously created oauth2 clients ids (such as those needed for the now-defunct MSN XMPP gateway) won't work here.
Similarly, the redirect_uri parameter can't be changed to something more useful, returning this error in the fragment:
The provided value for the input parameter
redirect_uriis not valid. The expected value ishttps://login.live.com/oauth20_desktop.srfor a URL which matches the redirect URI registered for this client application.
See also:
Request the same URL as the previous section. Keep the MSPOK cookie.
Buried in the Javascript is a HTML <input> element, with name="PPFT". Keep the value attribute of this element.
Using the same query string as the first request, POST to https://login.live.com/ppsecure/post.srf, with the MSPOK cookie and a body consisting of url-encoded parameters:
| Parameter | Notes |
|---|---|
| PPFT | The PPFT value you got from the first request |
| login | Microsoft account name |
| password | Password for that account |
If all goes well, you are redirected to the same place as the previous section. If not, look for sErrTxt: followed by a Javascript string, the string including an error message.