Hello, please sign in or register
You are here: Home

Windows Live Messenger Bar

PLEASE NOTE: This article talks about a deprecated API. For latest demos please visit  http://liveexperiments.com


Adding messenger and LiveID lets you quickly add site specific messaging and general messaging features to your users experience.

Furthermore use  Windows Live like Oauth and Openid to handle authentication of 320 million users. The user benefits from simple secure sign on and doesn't have to create a new account. They take their profile and all their contacts with them and lets you see who else on your site they know so they can instantly become friends and share your sites features.

Demo

Try the demo!


This page describes how to embed the Windows Messenger app bar into your website. And in this exercise we create this....

Setup

Get an Appid+secret https://live.azure.com/Cloud/Provisioning/Services.aspx?ProjectId=0

Code

View code

<?php
/**
* Example: Embeding Windows live messenger directly into your website.
* This script is a starting place to understand how a site communicates with Windows Live services
* Relies on embeded client scripts hosted by microsoft, other than that it is standalone implementation
*
* @author Andrew Dodson
*
* SETUP
* ------------
* 1. Obtain an application ID from https://live.azure.com/Cloud/Provisioning/Services.aspx?ProjectId=0
* (More info about App ID at - http://msdn.microsoft.com/en-us/library/bb676626.aspx)
* 2. Place Application ID (appid) and Secret in $settings below
*/


$settings = array(
'appid' => 'appid-goes-here',
'secret' => 'secret-goes-here'
);


/**
* Build the AppTag attributes
*
* More Info @
* -----------------
* http://msdn.microsoft.com/en-us/library/microsoft.live.messenger.ui.tags.apptag_properties.aspx
*/
$msgrAppAttr = array(
// REQUIRED
// ---------------------
'privacy-url' => $_SERVER['REQUEST_URI'], // e.g. "Privacy.html"
'token-url' => $_SERVER['REQUEST_URI'].'?token', // "refreshMesengerToken.php"
'channel-url' => $_SERVER['REQUEST_URI'], // e.g. "Channel.html"

// Encrypt's the secret key
'application-verifier-token' => urlencode(( $token = ( 'appid=' . $settings['appid'] . '&ts=' . time() ) )
. '&sig=' . urlencode(base64_encode(hash_hmac("sha256",$token,
substr(
hash('sha256', 'SIGNATURE' . $settings['secret'], true),
0,
16),
true)
))),

// OPTIONAL
// ------------------------
'application-name' =>"Knarly Sandbox with Windows Live Login"
);


/**
* IS THIS PAGE ACTING AS A DELEGATION ASSIGNMENT?
* Typically this would be located at a completely seperate pathname defined by aforementioned "token-url"
*/
if(isset($_GET['token'])){

/**
* Process Consent Token which has been defined by the embeded script
* To create the Delegation token to ... (missing description)
*/
$parsedToken = explode_querystring( urldecode(urlencode($_COOKIE['msgr-consent-token'])) );

// Process this token... this is the confusing part
$token = base64_decode(urldecode($parsedToken['eact']));
$cryptkey = substr( hash('sha256', 'ENCRYPTION' . $settings['secret'], true), 0, 16);
$parsedToken = explode_querystring(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $cryptkey, substr($token, 16), MCRYPT_MODE_CBC, substr($token, 0, 16)));

/**
* Set delegation token
*/
setrawcookie('msgr-delegation-token', $parsedToken['delt'], 0, '/');

exit; // thats it
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:msgr="http://messenger.live.com/2009/ui-tags">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Example: Windows Live connection and Messenger</title>
<script type="text/javascript" src="http://www.wlmessenger.net/api/3.5/loader.js"></script>
<script language="javascript" type="text/javascript">
Microsoft.Live.Core.Loader.load(['messenger.ui.styles.core', 'messenger.ui']);
</script>
</head>

<body>
<a href='?source'>View source</a>
<h1>Example: Windows Live connection and Messenger</h1>
<msgr:app <?= implode_with_keys($msgrAppAttr) ?>></msgr:app>
<msgr:bar></msgr:bar>
</body>
</html>
<?php
/*****************************************************
* GENERIC FUNCTIONS: Extends PHP's functionality
*****************************************************/

/**
* Format an associative array (i.e. [key => value]) of attributes into a string
* @param array Key value associative array e.g. Dom Attributes
* @return String
*/
function implode_with_keys($a,$seperator=" ",$key_value_seperator='=', $value_enclose = '"', $key_enclose = ''){
$r = array();
foreach($a as $k => $o){
$r[] = $key_enclose.$k.$key_enclose.$key_value_seperator.$value_enclose.$o.$value_enclose;
}
return implode($seperator,$r);
}

/**
* Split the querystring (e.g. "key1=value1&key2=value2") into a PHP associative array
* @param String Querystring
* @return Array Associative array
*/
function explode_querystring($s){
$r = array();
foreach( explode('&',$s) as $o){
$a = explode('=', $o);
$r[$a[0]] = $a[1];
}
return $r;
}

?>


Token/Privacy/Channel -urls

These are all required attributes of the <msgr:app> tag and will throw fatal exceptions if omitted. In the example they are pointing to a black hole just for brevity sake. With the exception of token-url which is triggered once the consentToken is obtained in order to discover the Delegation ID.

<msgr:app 
privacy-url="/winlive/messengerbar.php"
token-url="/winlive/messengerbar.php?token"
channel-url="/winlive/messengerbar.php"
application-verifier-token="appid%3D000000004002C81B%26ts%3D1262966287%26si...."
>
</msgr:app>

More on all these attributes at Properties. Note: the attribute names here are in CamelCase, whilst the html generated in the above script uses hyphens.

Going further: Using Messenger to find a unique user id to initiate a site session login.

At first i was stuck with this there didn't appear  to be any unique key returned in this signin process which a website may use to additionally verify the user and any user specific content/access they have. Which the Windows Live ID API addresses but for some reason Messenger is unclear.

When i rooted around the code i found the $parsedToke['lid'] otherwise known as the location ID is unique to the LiveID account (please correct me if i'm wrong). I am wrong .. although i still haven't found what the location ID represents, Geographical or name perhaps of a hosting server.

Moving on.we can make a request to the server...

http://messenger.services.live.com/actions/signinstatus/

This path was obtained by looking at the net requests in Firebug. And to my knowledge is undocumented. Because they dont want wandering too far from the path.

So here we we send data with the content-type header application/json, and after the header we send json data. e.g 

POST /actions/signinstatus/ HTTP/1.1
Host: messenger.services.live.com
Content-Type: application/json; charset=utf-8
Content-Length: 675

{"version":"1","authInfo":{"authType":2,"ticket":"DELEGATION_CODE"},"domain":"HOST_NAME","clientVersion":"3.5"}

NOTE: replace DELEGATION_CODE obtained above and HOST_NAME your domain name e.g. perplexed.co.uk

If this all works out  we should get a JSON response including the user identity. E.g 

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 843
Content-Type: application/json; charset=utf-8
X-MSNSERVER: BY2MSG3020402
Date: Fri, 15 Jan 2010 18:32:16 GMT

{
    "identity": {
        "liveId": "adrosetint@hotmail.com", "endpointId": "{00000000-4002-c81b-6cbd-89211d21e20f}", "puid": "", "cid": "7835569702010216975", "appId": "1073924123", "authenticationInfo": {
            "authType": 2, "ticket": ""
        }
    }, "signInStatus": {
        "isAuthenticated": true, "isAutoSignIn": false, "isManualSignIn": false, "isTrustedSignIn": false, "isApplicationBlocked": false, "isUnsupportedBrowser": true, "isUserSignedInViaSpopClient": false, "isUserSignedInViaMpopEndpoints": true, "isMpopSettingEnabled": true, "isUserBlocked": false, "isTicketExpired": false, "isAutoSignInEnabled": 0, "isAudioEnabled": true, "isFirstRunExperienceViewed": false, "isContactsSignatureRequired": true, "isUserSettingsKnown": true, "isAppSettingsKnown": true
    }, "duration": "453", "reloaded": false
}

Here's the code, This should be appended to the above code following on after we've obtained the Delegation code.

 /**
 * Post a request to the Provider Server to get a unique ID of the user
 */
$data = (str_replace('\\/','/',json_encode((object)array(
	"version"	=> "1",
	"authInfo"	=> (object)array(
		"authType" => 2, 
		"ticket"   => urldecode($parsedToken['delt'])
	),
	"domain"	=> $_SERVER['HTTP_HOST'],
	'clientVersion'	=> "3.5"
))));

// Open Socket
if( $fp = fsockopen("messenger.services.live.com", 80, $err, $ers, 5) ){

	fputs($fp, // HEADERS
		implode(CRLF, array( "POST /actions/signinstatus/ HTTP/1.1",
		"Host: messenger.services.live.com",
		"Content-Type: application/json; charset=utf-8",
		"Content-Length: " . strlen($data)
		))
		// BREAK
		.CRLF.CRLF
		 // DATA
		.$data);
	
	// Split the response, [header] CRLF.CRLF [data] 
	$match = split(CRLF.CRLF, fread($fp, 4096),2);

	// Turn the JSON resposne into an array
	$resp = json_decode($match[1]);

	// Set the LiveID and CID and store wherre ever you want em
	$liveid = $resp->identity->liveId;
	$cid = $resp->identity->cid;
}
else{
	// errors
	// can't make connection to server
	var_dump( $err,$ers );
}
 
QED

Comments

92222130
abd201062@hotmail.com
Created 07/05/11
UweZmEOnZejEQktwCJk
I can't believe you're not playing with me--that was so heplufl.
Created 07/08/11
wVTmYdfjeAil
5bqlzs dumwvyndbwzc
Created 08/08/11
PLndbSFYVRUucluutKH
fw0qzO , [url=http://itlnmytbxehk.com/]itlnmytbxehk[/url], [link=http://vlpwtfwmyuys.com/]vlpwtfwmyuys[/link], http://xwssqrjdsggg.com/
Created 09/08/11
jKHCeBpZzbnEP
ANl4qf nhodtvbpwzvy
Created 10/08/11
bSvPKQCLTuajUNMH
pphaoe , [url=http://ntrzsihchuan.com/]ntrzsihchuan[/url], [link=http://ssmidsulewoh.com/]ssmidsulewoh[/link], http://pyrkqbbxsthk.com/
Created 14/08/11
cmoutlet
s ralph lauren outlet Ray Ban Sunglasses,Ray Ban Outlet,Ray Ban Sale,Cheap Ray Bans,Cheap Ray Ban Sunglasses,ray ban sunglasses outlet,ray ban,rayb...
Created 21/10/15
oakleysunglasses
“I canada goose outlet think it doesn’t swarovski jewelry bode very
Created 21/01/16
linpingping
The michael--kors.org.uk next ralph lauren outlet day patriots jersey Mrs
Created 01/03/16
clibin
Tyrion 5c cases watched her ray ban sunglasses read. His timber...
Created 18/04/16
chenyan
Bond grinned. pandora-bracciali.it "We bcbgmax.in.net only chaussure...
Created 15/06/16
chenyan
Bond grinned. pandora-bracciali.it "We bcbgmax.in.net only chaussure...
Created 15/06/16
ninestab123
ninest123 One canada goose pas cher gucci outlet thing
Created 21/07/16
qqqqqing
valentino shoes air max 90
Created 08/03/17
Title*
Comment

Prove you are not a robot

To prove you are not a robot, please type in the six character code you see in the picture below
Security confirmation codeI can't see this!
Contact
Name*
Email never shown*
Home Page

Author

Andrew Dodson
Since:Feb 2007

Comment | flag

Categories

Bookmark and Share