
Integrating LINE Login with your web application

This page explains how to integrate LINE Login with your web application. If you don’t have an existing application and would like to try LINE Login on a sample application, go to Try LINE Login for web.

Current and deprecated versions

This page describes Web Login v2, which is the latest version of Web Login. For the specifications of the deprecated Web Login v1, see Web Login v1.

Note: Web Login v1 will only be supported until January 2018 and it is recommended that you use Web Login v2.

Web Login flow

The LINE Login process for web applications (Web Login) is based on the OAuth 2.0 authorization code grant flow. Your application must be able to make requests server-side and receive data from the LINE Platform. The following is an overview of the Web Login flow.

[Figure: Web Login flow]

These are the steps involved in the Web Login process.

  1. Your application directs the user to the LINE Login authorization URL with the client_id, redirect_uri, and state values.
  2. The LINE Login dialog is opened in a browser and the user logs in to be authenticated. After the LINE Platform validates the user’s credentials, the user must also agree to grant the requested permissions to your app.
  3. The LINE Platform redirects the user back to your app via the redirect_uri with the authorization code and state in the query string.
  4. Your application requests an access token from the https://api.line.me/v2/oauth/accessToken endpoint with the authorization code.
  5. The LINE Platform validates your application’s request and returns an access token and a refresh token.

Once you have retrieved an access token, you can use it to call APIs to get user profile information.

Before you begin

To start integrating your application with LINE Login, make sure you have completed the following.

Getting an authorization code

To get an authorization code, redirect the user to the URL for the LINE Login dialog from your app with the required query parameters. You can redirect the user using the LINE Login button or with a direct link.

https://access.line.me/dialog/oauth/weblogin?response_type=code&client_id={Channel ID}&redirect_uri={Callback URL}&state={State}

Include the following query parameters in the URL.

| Parameter | Value | Type | Required | Description |
|---|---|---|---|---|
| response_type | code | String | Yes | “code”. This tells the LINE authorization server to return an authorization code. |
| client_id | Channel ID | String | Yes | Unique identifier for your Channel issued by LINE. |
| redirect_uri | Callback URL | String | Yes | The URL users are redirected to after authentication and authorization. Must match one of the URLs registered in “Technical Configuration” of the Channel Console. |
| state | Any alphanumeric string | String | Yes | A unique value used to prevent cross-site request forgery. This value should be randomly generated by your application. Cannot be a URL-encoded string. |

The following is an example of a URL with the required parameters.

https://access.line.me/dialog/oauth/weblogin?response_type=code&client_id=12345&redirect_uri=https%3A%2F%2Fsample.com%2Fauth&state=123abc

User authentication

When the user is redirected to the LINE Login dialog, they must first log in with their LINE credentials. If they are already logged in to the LINE app, they will be logged in to LINE automatically. A consent screen will then be displayed and the user must either grant or deny the permissions that your application is requesting. By default, your application requests access to the user’s profile information.

The following is the consent screen with the permissions that are requested by your app.

Receiving the authorization code

Once the user logs in and agrees to grant the permissions, the user is directed to the callback URL with the following query parameters.

| Parameter | Type | Description |
|---|---|---|
| code | String | Authorization code used for issuing the access token. Valid for 10 minutes. |
| state | String | State parameter included in the authorization URL of the original request. Your application should verify that this value matches the one in the original request. |

The following is an example response.

https://sample.com/callback?code=b5fd32eacc791df&state=123abc

Error response

If the user denies the permissions requested by your application, the following parameters are returned in the callback URL query string.

| Parameter | Type | Description |
|---|---|---|
| error_description | String | “The+user+has+denied+the+approval”. Note: This parameter does not appear in the in-app browser of iOS and Android applications. We are currently working on this issue. |
| errorMessage | String | “DISALLOWED” |
| errorCode | Integer | “417” |
| state | String | State parameter included in the authorization URL of original request. |
| error | String | “access_denied” |

This is an example of an error response.

https://sample.com/callback?error_description=The+user+has+denied+the+approval&errorMessage=DISALLOWED&errorCode=417&state=123abc&error=access_denied

If the user denies the permissions requested by your application, your application should handle the error appropriately.
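The state handling described above, from building the authorization URL to checking the callback, can be implemented as follows. This is an added example, not LINE's code: `begin_login`, `handle_callback`, `LoginError` and the dict-like server-side `session` are hypothetical names, and only the URL and parameter names come from this page.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_URL = "https://access.line.me/dialog/oauth/weblogin"  # from this page


class LoginError(Exception):
    """Raised when the callback must not be trusted or the user declined."""


def begin_login(session, channel_id, callback_url):
    """Create a fresh state, bind it to the user's session, return the URL."""
    # token_hex yields only [0-9a-f], which satisfies "alphanumeric string".
    state = secrets.token_hex(16)
    session["line_login_state"] = state  # assumed key name in the session store
    query = urlencode({
        "response_type": "code",
        "client_id": channel_id,
        "redirect_uri": callback_url,  # urlencode percent-encodes this value
        "state": state,
    })
    return f"{AUTH_URL}?{query}"


def handle_callback(session, callback_request_url):
    """Return the authorization code, or raise LoginError."""
    params = parse_qs(urlsplit(callback_request_url).query)
    returned = params.get("state", [""])[0]
    # pop() makes the state single-use, so a replayed callback is rejected.
    expected = session.pop("line_login_state", None)
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise LoginError("state mismatch: possible cross-site request forgery")
    if "error" in params:
        # error=access_denied when the user denies the requested permissions
        raise LoginError(params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise LoginError("callback carried no authorization code")
    return code
```

The state is checked before the `error` parameter so that even a denial is only accepted for a login this session actually started.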

Getting an access token

To get an access token, make an HTTP POST request with the authorization code. Once you have an access token, you can use it to make API calls. The access token is issued at the following endpoint.

Request

POST https://api.line.me/v2/oauth/accessToken

| Request header | Description |
|---|---|
| Content-Type | application/x-www-form-urlencoded |

Request body

The information in the request body is in a form-urlencoded format.

| Parameters | Type | Description |
|---|---|---|
| grant_type | String | “authorization_code”. Specifies the grant type. |
| client_id | String | Channel ID. Found in the Channel Console. |
| client_secret | String | Channel secret. Found in the Channel Console. |
| code | String | Authorization code |
| redirect_uri | String | Callback URL |

Example request

This is an example of the information in the request body.

grant_type=authorization_code&code=b5fd32eacc791df&client_id=12345&client_secret=d6524edacc8742aeedf98f&redirect_uri=https%3A%2F%2Fsample.com%2Fauth

Receiving the access token

The LINE Platform validates the request and returns an access token and a refresh token. The refresh token can be used to get new access tokens.

| Property | Type | Description |
|---|---|---|
| scope | String | “P”. Default permission to access the user’s LINE profile information. |
| access_token | String | Access token. Valid for 30 days. |
| token_type | String | “Bearer” |
| expires_in | Integer | Amount of time in seconds until the access token expires. |
| refresh_token | String | Token used to reissue an access token |

The following is an example JSON response.


    {
      "scope": "P",
      "access_token": "bNl4YEFPI/hjFWhTqexp4MuEw5YPs7qhr6dJDXKwNPuLka...",
      "token_type": "Bearer",
      "expires_in": 2591977,
      "refresh_token": "8iFFRdyxNVNLWYeteMMJ"
    }
    

You can store the information on your server and use the access token to call APIs.
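The token exchange described above can be implemented server-side as follows: one function builds the POST request and another checks the JSON response before it is stored. This is an added example, not LINE's code: `build_token_request` and `parse_token_response` are hypothetical names, and the request is constructed but not sent so the block runs offline.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://api.line.me/v2/oauth/accessToken"  # from this page


def build_token_request(code, channel_id, channel_secret, callback_url):
    """Build (but do not send) the token request made from your server."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": channel_id,
        # The channel secret stays on the server; it never goes to the browser.
        "client_secret": channel_secret,
        "redirect_uri": callback_url,
    }).encode("ascii")
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw_json, now=None):
    """Check the properties listed on this page and compute an absolute expiry."""
    data = json.loads(raw_json)
    required = {"access_token", "token_type", "expires_in", "refresh_token"}
    missing = required - data.keys()
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    if data["token_type"] != "Bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        # expires_in is relative; store an absolute time so later checks are simple.
        "expires_at": now + int(data["expires_in"]),
    }
```

Passing the returned `Request` to `urllib.request.urlopen` with a timeout performs the actual call.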

Next steps

After getting an access token, use it to call our REST APIs to get user profile information, log out the user, and manage access tokens. For more information, see the following pages.