This post is only relevant to those who write bots or clients for chat, if you are not one of those people you can ignore it.
As of today, a new format for the authentication packet is available. Since the format of the packet is not constrained by the protocol documentation, it makes sense to post an announcement about this. The new format works pretty much identically to the HTTP Authorization header and has the following format:
| Index | Type | Value |
|---|---|---|
| 0 | Packet ID | '1', authentication packet ID |
| 1 | Auth Method | Currently only 'Misuzu' is supported, in the future 'Bearer' will replace it. |
| 2 | Auth Token | Authentication token value, value of the msz_auth cookie. In the future a bearer access token will go here. |
An example packet would then be 1\tMisuzu\tAQAAAO9P39PQkQph1oTydRvBMiv3HnyPjhalC_oiawlrxVJxxg.
For the record, the previous format is as follows:
| Index | Type | Value |
|---|---|---|
| 0 | Packet ID | '1' |
| 1 | User ID | User ID of the authenticating user. |
| 2 | Auth Token | 'SESS:' + value of the msz_auth cookie. |
The equivalent packet in this format to the new format above would be 1\t239\tSESS:AQAAAO9P39PQkQph1oTydRvBMiv3HnyPjhalC_oiawlrxVJxxg.
This change is in preparation for Flashii ID, which will be based on OAuth2; it should make the eventual transition easier and also means you don't have to store the user ID separately. The authentication token is already unique, so there's no reason to provide that extra bit of information.
It should be added that there's no rush to implement this, Flashii ID isn't ready yet and even then the Misuzu authentication method will continue to be supported for some time after that. The "SESS:" based format will continue to work for as long as the Misuzu scheme is also supported. However, if you're starting from scratch, you should only bother to implement the new scheme.
