Export (0) Print
Expand All

Refreshing Consent

Cc287631.note(en-us,MSDN.10).gifNote:
This topic describes functionality that will be obsolete. This functionality is provided only to support legacy applications. Live Connect incorporates features that provide equivalent functionality.

You refresh consent for a resource provider by sending information to the consent-refresh URL of the Windows Live ID consent service. The following syntax describes the consent-refresh URL.

http://consent.live.com/RefreshToken.aspx?ru=...x&ps=...&reft=...[&app=]

The consent-refresh URL takes the following parameters.

Parameter Name Full Name Description

ru

Return URL

The URL of the page on your Web site, called the return URL, to which the Windows Live ID consent service returns the refreshed consent token.

You must create a page on your site corresponding to the return URL, to handle the response from the consent service.

The return URL must be a fully qualified Domain Name System (DNS) URL pointing to a page on your Web site, and it must not contain IP addresses or query-string parameters. For more information about registering applications, see Getting Your Client ID for Delegated Authentication.

ps

Permissions

Required. A comma-delimited list of permissions, describing the offers and actions made available by the resource provider to which you are requesting access.

Cc287631.note(en-us,MSDN.10).gifNote:
The Windows Live ID consent service displays information only about permissions for which you explicitly request consent.
For example, if your Web site requests access to the View and Update actions of the Contacts offer for a resource provider, the following value represents the permissions list:

Contacts.View,Contacts.Update

reft

Refresh token

Required. The refresh token issued by the Windows Live ID service as part of the consent token originally returned when your Web site requested consent. The refresh token is used by the resource provider to refresh an expired delegation token. For more information about requesting consent, see Requesting Consent.

app

Application verifier token

A token that consists of your client ID, a time stamp (and, optionally, the user's client IP address), all signed with your application key. For more information about constructing an application verifier value, see Samples for Delegated Authentication.

Required only if the resource provider requires an application verifier; otherwise this parameter is optional.

Unlike requesting consent, no user interface is displayed to the user when you refresh consent, nor is a return URL required to receive the consent token. Instead, the consent-refresh URL provides a direct response to your Web site in the form of JavaScript Object Notation (JSON) output. The response from the consent-refresh URL contains either of the following string values.

Value Description

ConsentToken

The refreshed consent token for your Web site. If an unspecified error occurs while refreshing the consent token, this value is present but is set to null. If a specified error occurs, this value is not present.

error

If a specified error occurs while the consent token is being refreshed, this value is present and set to a string containing a 32-bit integer value that represents the error code for the error that occurred. For information about error values, see Error Codes.

If an unspecified error occurred, or if the consent token was successfully refreshed, this value is not present.

The following example illustrates the consent-refresh URL used by an application refreshing consent to view and update contact information.

http://consent.live.com/RefreshToken.aspx?ru=http://www.example.com/delauth/delauth-handler.aspx&ps=Contacts.Update&reft=ABCDEFG....XYZ&app=

The following example illustrates a JSON response to an application that is refreshing consent to read and write contact information.

{"ConsentToken":"delt%3dEwCoARAnAAAUgxwUrFTrj0j98kTTv4OX%252FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf%252B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqdS0HNJZW9xAUoD2MOqUz7RxqY%252FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%252B2Iot56mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5EYNJqxMXG8tZhe87ylkvESebImX%252B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow%252FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w8G9syt4%252F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2tpW%252BBjFEgy8w%252Fc5wb66At7V4Vs1ccbiBJ7pC%252F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6kAAA%253D%253D%26reft%3dF7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D%253D%26skey%3diS30MXEnIJj7K6HpwUBrXR5isE9rN9zq%26offer%3dContacts.View,Contacts.Update%3a1228350847%26exp%3d1196836447%26sig%3dC1itgV6AL7%252F%252BJFnML1unjGZ6nNNjQsrb8%252BcTtmNAzp8%253D"}

The following example illustrates a JSON response from the Windows Live ID consent service reflecting an unsuccessful attempt to refresh consent due to a missing return URL (RU) parameter.

{"error":"2000"}<BR><BR>Delegation Error 2000: The webpage /pp550/refreshtoken.aspx was requested without the required ReturnURL(ru) Querystring parameter by IP Address 127.0.0.1.
Cause: User Navigated to the page with an incorrectly formatted URL.
Instructions: Numerous instances of this error by the same IP Address may indicate an attack.

Other Resources

Live Connect

Show:
© 2014 Microsoft