Apparently validating Live credentials is as easy as POSTing to https://login.live.com/RST.srf. I can change the server so that people would get entered into the Escargot database the first time they log in with a real Windows Live account, and that would get rid of the sign up form and make using Escargot even easier. The contacts, though, would still be unrelated to whatever contacts you have on Skype.
I am in favour of this, I think this is the best approach as it would make it far more seamless.
I do wonder how that approach would work with Microsoft Account 2FA or App Passwords, as that was a Reviver 2 problem with authentication.
Re: Contacts, I believe you could pull them off via OAuth auth separately and then pull them into the Escargot database as an option or tool later on (or Messenger’s ctt files).
@Lucas The passwords come from the users (when they enter them to MSN) and Escargot will pass them to the Live service for authentication.
@TReKiE Good point about 2FA, I’ll test it and see what happens. Don’t know what App Passwords are. I thought to read/write contacts I’d need to interface with the Skype protocol which is undocumented, do you know of a different way?
I wonder if the problem of having to do username|password@email.com deal for versions before 5.0 and 7.5 will be an issue if we use Windows Live ID accounts…
I cannot sign in MSN Messenger. I still receive the following: Signing in to MSN Messenger failed because the service is temporarily unavailable. Please try again later. 81000395.
Marek
If possible when errors occur on either server will you be able to have control over those fixes after connecting to the live service? I am just asking so that we can report errors that occur to you instead of Microsoft directly.
Hi:
I have just installed msn 7.5.0324 patched.zip. I understand you suggest me to enter my password into e-mail addres. It will be visible for everyone,won’t be? Something is not so here.
Marek
@Marek No it won’t be visible to everyone. it will be visible as the name of the username in the chat history folder for your messenger chat log. it’s suggested to keep the chat log folder private. I’m glad you asked since i was also confused about it at first. disabling the chat log would help to keep it private too.
i think you are badly mistaking here.
No encryption, means that it can be seen by pretty much anyone on the internet.
This is only really safe to use with an server who has set its encryption right,
and with a client that does support login encryption which is WLM2012 only.
Dont get me wrong its an awesome project.
But just dont use your primary account for it.
To clarify: what Alexis means is that if you log in with pipeauth, your password will not be sent to your contacts. The server purges it from outgoing MSNP messages.
Sintezza and Raymonf are also correct, because pipeauth sends the entire contents of the email field as cleartext to the server.
@Sintezza, MSN >= 5 all use HTTPS for the login process (it happens outside of the unencrypted MSNP connection).
Edit: I’ll take this chance again to recommend everyone use 7.0 for now. I was too excited when the pipeauth workaround worked to think about the consequences, and what do you know, a few days later Microsoft shuts down the last remaining servers and there’s a huge influx of users that were following the unsafe instructions for using 7.5…
Thank you all for the feedback, your raised very good points about security. It definitely will not be a good idea to do this, until encrypted login is properly implemented for all versions of MSN and we no longer need that terrible, terrible “pipeauth”. We’re making slow but steady progress for doing this on MSN >= 7.5 (MSN 5 though 7.0 already log in properly.)