I am still struggeling with getting an authorized websocket in a third party application.

Tried to understand code here

http://wiki.innovaphone.com/index.php?title=Reference13r1:Concept_Talking_to_the_v13_Application_Platform_using_PHP

but this is not just a small example but about 20 classes with inheritance and async operations which makes it even harder to read. Are there any state graphs to understand the finite state engines and all states?

I also used my webbrowser to analyze the communication which seem to be much easier than understanding sequences of messages in code. In case of encryption or hashing there is still some need to analyze the code.

Taking all together I now get an idea of what I need to send and what data I receive.

But I still don't get a valid websocket to the App Service. Login ("type": "user") works, getting an AppGetLoginResult too but when using this Message to log into App service, I cannot get a valid ("ok": true) result.

This brings me to challenge in AppGetLogin:

Does the challenge used in AppGetLogin needs to be identical to what I get back when asking the App service ws for AppChallenge?

Maybe I missed something here who is generating this challenge and who is passing it in which direction?