
Integrating Web Login

This page explains how to integrate Web Login with your website. The Web Login feature is based on the OAuth 2.0 protocol.

Current and deprecated versions

This page describes Web Login v2 which is the latest version of Web Login. To refer to the specifications for the deprecated Web Login v1, see Web Login v1.

Note: Web Login v1 will only be supported until January 2018 and it is recommended that you use Web Login v2.

Web Login flow

An access token is required to call APIs. To securely perform authentication and authorization, users are transferred to the LINE domain to log in and agree to permissions. Users are then redirected to your website and an access token is retrieved. The following describes the process of calling APIs.

  1. User is redirected from the website to the LINE Login screen.
  2. User enters LINE Login credentials and agrees to the permissions.
  3. User is redirected back to the website with an authorization code.
  4. The authorization code is sent from your website’s server to the LINE server to retrieve an access token.
  5. Access token is returned to your website’s server.

LINE Login starter application

The LINE Login starter application lets you easily try out LINE Login in Java. To use the starter application, go to the GitHub repository below.

Requirements

To integrate your website with Web Login, the following information must be retrieved or specified.

  • Channel ID: Identifier issued when registering your Channel.
  • Channel secret: Signature key issued when registering your Channel.
  • Callback URL: URL the user is redirected to after authorization. Multiple callback URLs can be registered.

Getting an authorization code

To start integrating Web Login, you need to get an authorization code.

Login dialog

To get an authorization code, redirect the user to the LINE Login screen when the LINE Login button is pressed. The URL for the LINE Login screen is shown below.

https://access.line.me/dialog/oauth/weblogin?response_type=code&client_id={Channel ID}&redirect_uri={Callback URL}&state={State}

Query parameters

| Parameter | Value | Type | Description |
| --- | --- | --- | --- |
| response_type | code | String | Required. The value is code. This tells the LINE authorization server to return an authorization code. |
| client_id | Channel ID | String | Required. Channel ID issued by LINE. |
| redirect_uri | Callback URL | String | Required. The URL users are redirected to after authentication and authorization. Must match one of the URLs registered from the Channel Console. |
| state | Any alphanumeric string. | String | Required. A random unique value. Cannot be a URL encoded string. The Auto Login function cannot be used without this value. See “Note” below. |

Note: To prevent cross-site request forgery (CSRF), a random unique state value based on the session information is required when generating the LINE Login page URL. If the state parameter is not included in the request, Auto Login will not work.

Example URL for the Login dialog

This is an example of a URL for performing authentication and authorization.

https://access.line.me/dialog/oauth/weblogin?response_type=code&client_id=12345&redirect_uri=https%3A%2F%2Fsample.com%2Fauth&state=123abc

Response

Once the user logs in and agrees to grant the permissions, the user is redirected to the callback URL. When authentication and authorization is successful, the following query parameters are returned.

Query parameters

| Parameter | Type | Description |
| --- | --- | --- |
| code | String | Authorization code used for issuing the access token. Valid for 10 minutes. |
| state | String | State query parameter specified at authentication and authorization. |

Example response

If authentication and authorization are successful, the user is redirected to the callback URL with code and state query parameters. This is an example of a response.

https://sample.com/callback?code=b5fd32eacc791df&state=123abc

Error response

If authentication and authorization fail, the following query parameters are returned.

| Parameter | Type | Description |
| --- | --- | --- |
| error | Integer | Error code |
| state | String | State query parameter string specified at authentication and authorization |
| errorCode | Integer | Code value assigned to all error types |
| errorMessage | String | Message string displaying the reason for error |

The following errorCode and errorMessage values are returned.

| errorCode | errorMessage | Description |
| --- | --- | --- |
| 417 | DISALLOWED | User presses the cancel button on the permissions page. |

Example error response

This is an example URL that the user is redirected to in the event of an error.

https://sample.com/{Callback URL}?error=access_denied&state=[state]&errorCode=417&errorMessage=DISALLOWED
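
The state handling described in the Note above, together with the success and error callbacks, can be sketched as follows. This is an added example, not code from LINE or the starter application; the function names, the session key and the dict-like server-side session are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://access.line.me/dialog/oauth/weblogin"  # from this page
STATE_KEY = "line_login_state"  # hypothetical session key


def build_login_url(session, channel_id, callback_url):
    """Create a fresh state, bind it to the user's session, return the login URL."""
    state = secrets.token_hex(16)  # 32 hex chars: alphanumeric, needs no URL encoding
    session[STATE_KEY] = state     # kept server-side, never derived from the request
    query = urlencode({
        "response_type": "code",
        "client_id": channel_id,
        "redirect_uri": callback_url,
        "state": state,
    })
    return f"{AUTH_ENDPOINT}?{query}"


def handle_callback(session, request_url):
    """Check the redirect to the callback URL and return the authorization code.

    Raises ValueError on a missing or mismatched state (possible CSRF) and on
    an error response such as errorCode=417 (user pressed cancel).
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(request_url).query).items()}
    expected = session.pop(STATE_KEY, None)  # single use: consumed by the first callback
    received = params.get("state", "")
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "error" in params or "errorCode" in params:
        raise ValueError(
            f"login failed: {params.get('errorCode')} {params.get('errorMessage')}")
    code = params.get("code")
    if not code:
        raise ValueError("callback carried no authorization code")
    return code
```

Because the stored state is removed on the first callback, a replayed or forged redirect fails the comparison even if it carries a valid-looking code.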

Getting an access token

To get an access token, make an HTTP request with the authorization code. Once you have an access token, you can use it to make API calls. The access token is issued at the following endpoint.

Request

POST https://api.line.me/v2/oauth/accessToken

| Request header | Description |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

Request body

The information in the request body is in a form-urlencoded format.

| Parameters | Type | Description |
| --- | --- | --- |
| grant_type | String | Fixed value, authorization_code. |
| client_id | String | Channel ID. |
| client_secret | String | Channel secret issued when registering your Channel. |
| code | String | Authorization code. |
| redirect_uri | String | Callback URL. |

Example request

This is an example of the information in the request body.

grant_type=authorization_code&code=b5fd32eacc791df&client_id=12345&client_secret=d6524edacc8742aeedf98f&redirect_uri=https%3A%2F%2Fsample.com%2Fauth
 

Response

The following information is returned in JSON.

| Property | Type | Description |
| --- | --- | --- |
| scope | String | Fixed code value corresponding to the permissions granted by the user. The default value is P, which is the permission for user profile information. |
| access_token | String | Access token. Valid for 10 days. |
| token_type | String | Fixed value, bearer. |
| expires_in | Integer | Validity of access token. Elapsed time in seconds from when the access token is issued. |
| refresh_token | String | Token used to reissue access token |

Permissions

This is an overview of the permissions given by the scope value in the response.

| Property | Description |
| --- | --- |
| P | Permission to get LINE user profile information. Default value. |

Example response

The response is returned in JSON.

    {
        "scope": "P",
        "access_token": "bNl4YEFPI/hjFWhTqexp4MuEw5YPs7qhr6dJDXKwNPuLka...",
        "token_type": "Bearer",
        "expires_in": 2591977,
        "refresh_token": "8iFFRdyxNVNLWYeteMMJ"
    }

This information is kept on your server and APIs can be called as required.
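
The server-side exchange described in this section can be sketched as below. This is an added example, not LINE's own code; the function names and the injectable opener parameter are assumptions, and the sample values are the ones shown on this page.

```python
import json
import time
import urllib.request
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://api.line.me/v2/oauth/accessToken"  # from this page


def build_token_request(code, channel_id, channel_secret, callback_url):
    """Build the POST; the Channel secret travels only in this server-to-server body."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": channel_id,
        "client_secret": channel_secret,
        "redirect_uri": callback_url,  # must equal the value used for the login dialog
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_ENDPOINT, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw_json, now=None):
    """Validate the JSON response and turn expires_in into an absolute expiry time."""
    data = json.loads(raw_json)
    missing = [k for k in ("access_token", "token_type", "expires_in") if k not in data]
    if missing:
        raise ValueError(f"token response missing {missing}")
    # The table says "bearer" while the example shows "Bearer": compare case-insensitively.
    if str(data["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    issued = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "scope": data.get("scope"),
        "expires_at": issued + int(data["expires_in"]),
    }


def exchange_code(code, channel_id, channel_secret, callback_url,
                  opener=urllib.request.urlopen):
    """Send the request from your server; `opener` is injectable for offline tests."""
    request = build_token_request(code, channel_id, channel_secret, callback_url)
    with opener(request, timeout=10) as response:
        return parse_token_response(response.read())
```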

Calling APIs

After getting an access token, you can use it to call REST APIs. For more information on REST APIs, see How to use the APIs.