Consent token null after refresh using Live Messenger Library

Question

Hi,

I'm having trouble getting a refreshed consent token.

I use a cookie to store the consent token once the user is first signed in. After a while (something like 24 hours) the delegation token contained in the stored token has expired, and I need to refresh the consent to get a new consent token.

I've followed the instructions on "Refreshing Content"

To get the new consent cookie I do the following:

1. Get the cookie-contained consent token

2. Try to sign in with the delegation token from that consent token

3. If it doesn't succeed, I assume that the delegation token has expired

4. Extract the refresh token from the old consent token

5. Load the URL (consent.messenger.services.live.com/RefreshToken.aspx or consent.live.com/RefreshToken.aspx - the result is the same) with the refresh token and my app verifier token as parameters

6. Retrieve the response

This is how my request looks like:

http://consent.messenger.services.live.com/RefreshToken.aspx?ru=&ps=Contacts.Update&reft=Lmxllk38fE3%2BahL8uyA4%2Bbkl6rE0LefymQI4wXX6Brsf4HgKDRpngfJabRAIoCL0HY%2BJkiFTnoa1oF4D6lGxpNa1V0%2B%2BhuQdff5ZMhqB4KsqOtwHTHG4bH%2FUeTS9cPDum0Ml6u9v88Wupyp2H9ZTtQ%3D%3D&app=appid%3d000000004C01F8FB%26ts%3d1256726014%26sig%3dknNgq8UzMWGYwZ6nuahKkD%252b4RDbJSizxLDKXnunQUKA%253d

My problem is that the response is always {"ConsentToken":null}

I use the Live Messenger JavaScript Library and the DelegatedAuthControl as outlined in "How To: Sign In to Windows Live Messenger"

I wonder if my problems have anything to do with the fact that I couln't decide what to put in the paramters for return URL and permissions, because

1) I don't use a return URL since the procedure in "How To: Sign In to Windows Live Messenger" and the DelegatedAuthControl doesn't seem to use any return URLs.

2) I don't specify any offers or actions on sign in, and hence I do not have a clue what I need to specify in the "Permissions" parameter.

What am I doing wrong? What is the proper way to refresh a consent token when using Javascript Library and the DelegatedAuthControl?

Answer 1

Hello all, 

It seems I managed to find the answer... If anyone runs into the same problems, here is how I fixed it:

The offers contained in the initial consent token is retrievable when the token is processed (i.e. decrypted). The offers I needed was simply Messenger.SignIn. When I specifed an empty return URL parameter and "Messenger.SignIn" for the permissions parameter, I got a refreshed consent token!

Thanks for looking!

Answer 2

Few notes regarding this:

·         The Windows Live Messenger UI Controls simplify the processing of consent tokens and delegation tokens by offering the Sign-In Control and the ability to sign in via the Messenger Web Bar Control.

·         For a more in-depth look on auto-sign-in with the UI controls, see Working with Delegation Tokens in the UI Controls.

·         Even if your application does not use the UI controls, you can still follow a similar pattern for processing consent tokens. A good place to start is reading about Working with Delegation Tokens in the UI Controls and then reviewing a sample token-refresh server page. For an example, refer to our samples and look at WebToolkit/GettingStarted/CSharp/RefreshMessengerToken.aspx

 

Thanks,

 

Offir Bakshitz [MSFT]