Protocols/WebAPI/Start Page and Expression Chooser

From NINA Wiki
Jump to navigation Jump to search
WebAPI Protocol
Basic
Introduction
Clients
Whimsicals
Host Interaction
Flow
Authentication
Client
WebApp
Other Services
Foodgroups

AIM Start Page

Supporting the AIM Start Page is one of the available choices for a client. A client that chooses this feature must keep a local preference per loginId if the start page should be shown or not. The preference must default to on for all loginIds.

So the start page can be fully customized, we require authentication credentials to be passed using the Single Signon method described above. The client must show the start page to the user if they have not elected to turn it off.

Showing the start page is a simple operation.

  1. Form the start page URL following the instructions documented here.
  2. Use the Single Signon method described to form the full signed URL for the browser.
  3. Launch the browser with the full URL.

Expressions Requirement

Both the ability to choose expressions from a web page and the ability to display at least Buddy icons is required. So the expression chooser can be fully customized, we require authentication credentials to be passed using the Single Signon method described above.

Showing the expression chooser is simple.

  1. Form the expressions URL following the instructions documented here.
  2. Use the Single Sign On method described to form the full signed URL for the browser.
  3. Launch the browser with the full URL.

Connection Flow

Displaying either the Start Page or the Expression Chooser using Single Sign On is almost exactly the same. For the example the start page is used, but it is easy to substitute the Expression Chooser.

This PHP-based example a will use the same sessionKey and token as previous examples.

$sessionKey = "wEOki901gedaIeJbMAy5k+hv4iJgfvshgM+cWtk+s1g=";

$destUrl = uri_encode("http://api.oscar.nina.bz/aim/getStartPage?f=html&language;=en-us");

$uri = "http://my.screenname.aol.com/_cqr/login/login.psp";

$queryString = "a=" 
  . uri_encode("%2FwEAAAAAm3uC7kLggQUTUxDaptz5ddrYlsBinH5jBpi3aKVFOwRZUdy4VC3HBXkdtUaFOTM8E9og492eGQi3X0cIrwRfN5SsuA"
    . "%2BE9nGhXtbQt%2BHoaa8Fw9yMTuuuks3%2F8ZRh0IyGOaLWhQssgtB3vEoEEQPSc4ZZcUARXm0b3GBfEW5E3QGjTvi6tRPsVpmnfSQ%3D")
  . "&destUrl;=$destUrl"
  . "&devId;=thekey"
  . "&entryType;=client2Web"
  . "&ts;=203799990";

$queryString's value with var_export() should be something like:

"a=%252FwEAAAAAm3uC7kLggQUTUxDaptz5ddrYlsBinH5jBpi3aKVFOwRZUdy4VC3HBXkdtUaFOTM8E9og492eGQi3X0cIrwRfN5SsuA%252BE9nGhXtbQt%252BHoaa8Fw9yMTuuuks3%252F8ZRh0IyGOaLWhQssgtB3vEoEEQPSc4ZZcUARXm0b3GBfEW5E3QGjTvi6tRPsVpmnfSQ%253D&destUrl;=http%3A%2F%2Fapi.oscar.aol.com%2Faim%2FgetStartPage%3Ff%3Dhtml%26language%3Den-us&devId;=thekey&entryType;=client2Web&ts;=203799990"

Combine:

$hashData = "GET&" . uri_encode($uri) . "&" . uri_encode($queryString);

The output of var_export() for $hashData should be something like:

"GET&http;%3A%2F%2Fmy.screenname.aol.com%2F_cqr%2Flogin%2Flogin.psp&a;%3D%25252FwEAAAAAm3uC7kLggQUTUxDaptz5ddrYlsBinH5jBpi3aKVFOwRZUdy4VC3HBXkdtUaFOTM8E9og492eGQi3X0cIrwRfN5SsuA%25252BE9nGhXtbQt%25252BHoaa8Fw9yMTuuuks3%25252F8ZRh0IyGOaLWhQssgtB3vEoEEQPSc4ZZcUARXm0b3GBfEW5E3QGjTvi6tRPsVpmnfSQ%25253D%26destUrl%3Dhttp%253A%252F%252Fapi.oscar.aol.com%252Faim%252FgetStartPage%253Ff%253Dhtml%2526language%253Den-us%26devId%3Dthekey%26entryType%3Dclient2Web%26ts%3D203799990"

Create a digest of the values above:

$digest = hmac_sha256_base64($hashData, $sessionKey);
        = "8nMlPovQqriZyPvWbftEjz+lPnQRF5A8TDcU79raYc4="

$url = $uri . "?" . $queryString . "&sig;_sha256=$digest";

The output of var_export() for $url should be something like:

"http://my.screenname.aol.com/_cqr/login/login.psp?a=%252FwEAAAAAm3uC7kLggQUTUxDaptz5ddrYlsBinH5jBpi3aKVFOwRZUdy4VC3HBXkdtUaFOTM8E9og492eGQi3X0cIrwRfN5SsuA%252BE9nGhXtbQt%252BHoaa8Fw9yMTuuuks3%252F8ZRh0IyGOaLWhQssgtB3vEoEEQPSc4ZZcUARXm0b3GBfEW5E3QGjTvi6tRPsVpmnfSQ%253D&destUrl;=http%3A%2F%2Fapi.oscar.aol.com%2Faim%2FgetStartPage%3Ff%3Dhtml%26language%3Den-us&devId;=thekey&entryType;=client2Web&ts;=203799990&sig;_sha256=8nMlPovQqriZyPvWbftEjz+lPnQRF5A8TDcU79raYc4"