There must be a thread somewhere but I could not find it. So,

What I'd like in my app is that for example, the user clicks a button reading "My Inbox" and I open the web browser automatically logging the user in and showing their inbox. I was looking at the MySpaceIM and what it does.  The web page that's opened has the URL:

http://messaging.myspace.com/index.cfm?fuseaction=mail.inbox&MyToken=78b47010-463f-41a2-9040-f528899cd487 

Looking at the wire, there is an intermediate request:

GET /Modules/IM/Pages/UrlRedirector.aspx?challenge=57723055-353804227-432645649&response=aLBRhHKEwV8y22SLbq/CMDBCskRO4btBuAppApVOscg&target=mail&targetid=353804227&IMLang=English&LangID=4105 HTTP/1.1
Accept: */*
Accept-Language: en-ca
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: imhome.myspace.com
Connection: Keep-Alive
Cookie: MSCulture=IP=216.9.243.111&IPCulture=en-CA&PreferredCulture=en-CA&Country=CA&ForcedExpiration=0&timeZone=0&USRLOC=QXJlYUNvZGU9MCZDaXR5PVdhdGVybG9vJkNvdW50cnlDb2RlPUNBJkNvdW50cnlOYW1lPUNhbmFkYSZEbWFDb2RlPTAmTGF0aXR1ZGU9NDMuNDY2NyZMb25naXR1ZGU9LTgwLjUzMzMmUG9zdGFsQ29kZT0mUmVnaW9uTmFtZT1PTg%3D%3D&clientTimeZone=3; NGUserID=a28258a-1708-1182343515-1; GADC=GABCD_myspace_splash_homepage_ab_pool=374be3c3-daa2-4ce4-8667-fa61931f3c6a!3.0&GABCD_myspace_profile_new_homepage_pool=5b64325f-da7f-40cf-aea2-e3d30f618918!2.0&EUD=0:0:YjJjM2I0ZDc5MDI0MDYwOTfOfnf_p9Hw5TADjIp2cy8yBtcA4vrOOt1Z5JFj2JhZVtA8J6qxg2VexBjSn6ga4Min0RwgwVphFx-fc9zFYgwzu8RsaLFK4LJNMD8VPoh4&GABCD_myspace_mail_inbox_pool=5fcde500-fd12-4ff6-82bd-e7d6772e1b6b!3.0; SessionDDF2=44ac6df20d3c3ea923851095d3302c9671b362d6bf2014a8; __utma=102911388.1266017484.1205340937.1206627752.1206640880.10; __utmz=102911388.1206380378.8.4.utmccn=(referral)|utmcsr=home.myspace.com|utmcct=/index.cfm|utmcmd=referral; UNIQUELOGINTAKEOVER=%7bts+'2008-03-12+10%3a12%3a19'%7d; EVENTLOCA...[more here]

and a response:

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 305
Content-Type: text/html; charset=utf-8
Location: http://messaging.myspace.com/index.cfm?fuseaction=mail.readmessage&userID=353804227&type=inbox&messageID=353804227&fed=true&MyToken=c6c61352-131e-42be-a15c-2c535b86d60a
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Set-Cookie: MYUSERINFO=; domain=.myspace.com; expires=Wed, 19-Jan-2005 08:28:17 GMT; path=/
Set-Cookie: MYUSERINFO=; domain=myspace.com; expires=Wed, 19-Jan-2005 08:28:17 GMT; path=/
Set-Cookie: USER=; domain=.myspace.com; expires=Wed, 19-Jan-2005 08:28:17 GMT; path=/
Set-Cookie: USER=; domain=myspace.com; expires=Wed, 19-Jan-2005 08:28:17 GMT; path=/
Set-Cookie: Login=MIIB%2fQYKKwYBBAGCN1gDkKCCAe0wggHpBgorBgEEAYI3WAMBoIIB2TCCAdUCAwIAAQICZgMCAgDABAgeWlUIROuU%2fQQQGI68lTM76UPrTbY4sYVgiASCAaiGwYs9YJ0FeJrxIvHVjh7Wq44gtbaplNtHek5dhNBaEwHSu7ZrGn%2bnpoH7kHWnBCb90cGpBih8CX0I13FC87zUk4QluJMEyp47MSEPT7LBgeJW5LXy8gZZyGNj%2fLqFScA3w3Of3gjbVzW2vChE3rr6ugpUAhIyxSOMEkalyjt0LUW7PA%2b7hbrSwDE9F61gD5AL3o1M0wPuqslCO%2fePUJphcsh2vH7XO0z12t8IVgWaI70OLU%2fnGhZC2eZgUiCu%2fJGdZgv6LCSSRqRV4SWO5rHoRFf15VfkJpr0otUeKmq1xfCGhw0W3%2b6FxByoUKnoijIlOpsVm3qNaKtl9C9G04whkVUxnWg6gh0AfmMVrG9LxHwhJLIUl15JoroJ7M%2fb62H6eevN40mhE7Rawsnxk%2f8tGYLyoRR1fhprFIMGLdXd%2fWV98zDz2tWdtXtbTj6I1BnHaMLgB6J8PZVW6Avfcv%2bNZjfhHii0xjq6PtcEwXbmaOU0bochNnw5CMdboAjuuOztSVtLPQIs5B8t72piMFBV9bDDlyWWV69%2bpFK003WJyCqON1WxdXeX; domain=.myspace.com; expires=...[more here]
 

Basically, the response contains the URL I have to call at the end.

Can someone explain me how this works? What is the challenge and the response in the GET request and what are the rest of the fields that I need to pass in (mandatory)

 I'd very very much appreciate it.

Thanks a bunch 

I might be misunderstanding what you're asking for, but the MySpaceIM facility is well outside the MDP - there is no functionality that comes close to matching that. That would require automating a login directly into MySpace, and bouncing the user to their message center. You can't automate the login that way; it's at least two violations of the ToS.

There is a possible tentative way, but it's not been officially announced yet (there is a new testing tool for it, though), but it wouldn't work the way you describe above. The user would still have to login themselves, directly entering their username and password into a MySpace-hosted page, which would then send back a session token for your App to use. I haven't really looked into it, because it hasn't been mentioned yet, and the few times I've tested the tool, it still wasn't functioning (though, it's been some time since I last checked). I'm not even sure if you could use that token to build a URL to send the user to their message center, but it might be possible.

 Well, what I had in mind is:

In my app, the user would log into MySpace (analogy again to the MySpaceIM, the user logs in presenting his MySpace credentials). Upon login he would get something like a session token.

Then he wants to check his Inbox. I'd provide the token (or something similar) and call the inbox url.

I hope this is a bit clearer, sorry for the confusion. Would this break the TC?

 Thanks again. 

Could you point me to the tool you mentioned. That's exactly what I was looking for I guess...

 Cheers. 

It might just be. You can find it under Test, External App Authentication (though it's actually the Access Delegation Tool):

http://developer.myspace.com/modules/apis/pages/accessdelegationtool.aspx

*Edit*

The tool was removed sometime during the day. Oh well.

*Edit Again*

The Tool came back. Yay.