Is it a security issue?

If you believe you have discovered a vulnerability or have an issue related to security, please DO NOT open a public issue. Instead, send us a mail to [email protected].

What did you do?

Please describe what you did before you encounter the issue.

What did you expect?

Please describe what you did expect to happen.

What happened actually?

Displaying error Cannot find 'LoginManager' in scope

Please describe what happened actually.

Your environment?

• XCode 13.3
• Swift

Some information of the environment in which the issue happened. LINE SDK version, Xcode version, iOS version, etc.

Sample project

It would be appreciated if you can provide a link to or update a sample project that we can download and reproduce the issue.

Hello, I'm applying Line login flow, but when I tried to call Login with UniversalLinkFlow when the Line app was installed before without login, when the Line App opened then auto-directed to the Safari browser.

• So In this case how to configure to Line app to keep that session without directing it to the browser?
• I have referred to another app like TikTok when logging Line no login yet, but the Line app still keeps that session.
• I also tried the example on Line SDK, whose behavior is still directed to the browser.

We don’t have Info.plist in a static library so SDKVersion will return short version of main bundle.
Similar issue maybe occur with Login button resources in Assets.

Is it a security issue?

No

What did you do?

What did you expect?

What happened actually?

With Build Active Architecture Only set to NO, building for any simulator fails at the stage "Compile Swift source files (arm64)". While it works fine when building for physical devices.

import LineSDK

class LineAuthenticationSession {
    typealias LineAPI = LineSDK.API // error: No type named 'API' in module 'LineSDK'

    func isTokenError(_ error: LineSDKError) -> Bool { // error: Cannot find type 'LineSDKError' in scope
    }

    func login() {
        LoginManager.shared.login(permissions: [.profile]) { _ in  // error: Cannot find 'LoginManager' in scope
        }
    }
}

Your environment?

• LINE SDK version: 5.5.1
• SDK installation method: add xcframework manually
• Xcode version: Xcode 12.0 beta 5 (12A8189h) and previous beta versions

Sample project

N/A

It is a bit complicated right now. Maybe it would be a good idea to create some promising helps to handle the networking request better. They are not required to be so generic but should focus on the Request context. Some basic idea includes Chained and Zipped.

Is it a security issue?

no

What did you do?

After I integrate LineSDK with pods, I get an error when calling loginWithPermissions:permissions method

What did you expect?

I hope I can use LineSDK normally in OC projects

What happened actually?

error，EXC_BAD_ACCESS

Your environment?

pod 'LineSDKSwift/ObjC', '~> 5.0'

Xcode 12.0 beta 5

iOS 12.4.8

Sample project

https://github.com/hw20101101/H200914_Test_Protocol

SDK 版本：5.8.2
line app版本：13.6.0

安装line app后，唤起line app授权，返回错误：authorizeFailed(reason: LineSDK.LineSDKError.AuthorizeErrorReason.userCancelled)

不安装line app，使用web授权没问题

If I want to use the line login before iOS 10.0, do I have to use the previous SDK?

Look forward to your suggestions, thx.

안녕하세요. Line SDK 사용 중에 문의 사항이 있습니다.

Line SDK 5.7.0 버전을 사용하고 있으며 5.11.0 버전부터 Apple의 Privacy Manifest 대응이 되는 것으로 확인하였습니다.
우리의 환경은 최소 iOS 12부터 지원하기 때문에 iOS 13부터 지원하는 5.11.0을 사용할 수 없습니다.
그래서 5.7.0을 그대로 사용하기를 희망합니다.

질문.

1. 5.11.0의 Privacy Manifest 파일을 5.7.0에서 사용해도 문제가 없을지 궁금합니다. 5.7.0의 "LineSDKUI.bundle/PrivacyInfo.xcprivacy" 위치에 포함하려고 합니다.
2. 5.7.0과 5.11.0의 버전 차이로 Privacy Manifest 내용에 변경이 필요한 부분이 있을지 궁금합니다.

감사합니다.

=====

Hello. I have a question while using the Line SDK.

We are using the Line SDK version 5.7.0, and we have confirmed that Apple's Privacy Manifest correspondence from version 5.11.0.
Since our environment supports iOS 12 at least, 5.11.0 that supports iOS 13 is not available.
So I hope to use 5.7.0 as it is.

Question.

1. I'm wondering if the Privacy Manifest file in 5.11.0 is okay with using it in 5.7.0. I'm trying to include it in the "LineSDKUI.bundle/PrivacyInfo.xcprivacy" location in 5.7.0.
2. I wonder if there is anything that needs to be changed in the Privacy Manifest content due to the difference in versions between 5.7.0 and 5.11.0.

Thank you.

What did you do?

• When I build my app I get the error ld: symbol(s) not found for architecture arm64 on file OpenChatCreatingController and ShareViewController with cause not found _swift_stdlib_isStackAllocationSafe

What did you expect?

Build with arm64 successfully

What happened actually?

[ Please describe what happened actually.](ld: symbol(s) not found for architecture arm64)

Your environment?

Some information of the environment in which the issue happened. LINE SDK version, Xcode version, iOS version, etc.

• LineSDKSwift (5.8.1):
• Xcode 14.2
  Build version 14C18

how to get "id_token" in lineSDKObjC?

请问一下，哥，如何在lineSDKObjC的SDK里面获取LineSDKAccessToken的json字符串中id_token字段(当权限允许openID)，我看LineSDKAccessToken的结构里面没有哇，谢谢大哥。

喵神，请教下，这个登录成功之后，点击确认无法返回，提示网址无效，是什么情况，多谢
图片地址

Is it a security issue?

If you believe you have discovered a vulnerability or have an issue related to security, please DO NOT open a public issue. Instead, send us a mail to [email protected].

What did you do?

Please describe what you did before you encounter the issue.

What did you expect?

Please describe what you did expect to happen.

What happened actually?

Please describe what happened actually.

Your environment?

Some information of the environment in which the issue happened. LINE SDK version, Xcode version, iOS version, etc.

Sample project

It would be appreciated if you can provide a link to or update a sample project that we can download and reproduce the issue.

安卓使用安卓自己的方式分享图片是可以 的，但ios怎么解决呢。代码如下：
//图片分享
@objc static func shareWithLineWithUrlStr(urlStr: String) {
//Share image
let pasteboard = UIPasteboard.general
pasteboard.setData(UIImage(named: urlStr)!.jpegData(compressionQuality: 1.0)!, forPasteboardType: "public.jpeg")
let contentType = "image"
let urlString = "line:msg/(contentType)/(pasteboard.name)" // Get image from pasteboard, you can also use this method to share text
let url = URL(string: urlString)!
print(url)

    if UIApplication.shared.canOpenURL(url) {
        UIApplication.shared.open(url, options: [:], completionHandler: nil)
    } else {
        print("分享失败")
    }
}

app崩溃了，求大神解决

https://github.com/CocoaPods/Specs/blob/master/Specs/c/a/5/LineSDK/5.0.2/LineSDK.podspec.json

When pod install, it will fail because it can't download LineSDK.CDN service exception, please deal with it urgently.
https://d.line-scdn.net/r/devcenter/ios/LineSDK_ios_5.0.2.zip

hello. My app use "react-native-line" to archive line login feature. It works well In android. But In IOS, after show authorize page, it will open another authorize page which url is ""access.line.me"(in line app).

I have asked the develper, and they replied that this is default of Line.

So I create a issue here, and want to know is this default ?

if not , how can I skip the page?

We could not access the error status code because it’s internal API.
but guide doc is the description that it can access.

case .failure(let error):
    if case .responseFailed(
        reason: .invalidHTTPStatusAPIError(let detail)) = error
    {
        if detail.code == 500 { // code is an internal API.
            print("LINE API Server Error: \(String(describing: detail.error)")
        } else if detail.code == 403 {
            print("Not enough permission. Login again with required permissions?")
            // Do Login
        }
    }

喵神，使用line 授权登录时候打开授权登录页面没有出现添加官方账号为好友选项，该配置的地方都配置了，安卓是有的，能看下是什么问题吗？

We need to check remove this in a future beta.

Not sure if it's iOS SDK issue or not, but when verifying login permissions in LINE app, the Important section shows the provider name in its text instead of the app name, e.g:

In this example, Learn21 is the app name, and HEADSTART EDUCATION MANAGEMENT COMPANY LIMITED is the provider. It looks weird to read about downloading a company. :)

What did you do?

open SFSafariViewController in line (url: access.line.me) and timeout (wifi status is okay)

What did you expect?

in LTE or 3G status is also okay

What happened actually?

open SFSafariViewController in line (url: access.line.me) and timeout (wifi status is okay)

Your environment?

LINE SDK version 5.0.1, Xcode version 10.1, iOS version 12.1, iPhone X.

These problems were not exist in Xcode 13 beta 3.
My environment is Xcode 13 beta 4.
LineSDK version is 5.7.0

What did you do?

I Integrated login codes followed guide on the LINE Developers site. and I did the test for login with LINE. After allowing the permission, the page was redirected to confirm page.

What did you expect?

the guide message is displayed by iOS device language on confirm page.

What happened actually?

the guide message is displayed by the Japanese on confirm page.
"このアプリを開きますか？"

Regardless of the device language, that message is always displayed in Japanese.

Your environment?

Line SDK version : 5.0.1
Xcode version: 10.1
iOS version: 12.1
iOS Language : English
iOS Region: United States

Sample project

This bug occurs in LineSDKSample.

Source code:

the correct word should be "language", but all these comments misspelled it as "langauge"

What did you do?

sp.resources = ["LineSDK/LineSDK/Assets.xcassets", "LineSDK/LineSDK/Resource.bundle"] triggers CocoaPods/CocoaPods#8431 which can cause apps to pull in excessive amounts of resources.

Please update to resource_bundles, which has numerous benefits aside from working around this issue.

Hello~ I want to disable the AppUniversalLinkFlow in LINE iOS SDK, only use AppAuthSchemeFlow.

-> How could I achieve that? Since for the case if the device has already installed the LINE app but not logged in yet.
-> The Universal link will open the Safari Webpage automatically. And I am unable to access those private functions in the SDK; please assist me in resolving this issue.

What did you do?

Enable the mac option for an iOS target in Xcode 11.1, that is, The Catalyst.
Build it.

What did you expect?

Build successfully.

What happened actually?

Got error at CryptoHelpers.swift #172 in LineSDKSwift target saying:
'SecCertificateCopyPublicKey' is unavailable in Mac Catalyst

After some investigation, seems SecCertificateCopyPublicKey is marked as deprecated since iOS 10.2, and SecCertificateCopyKey is recommended in the Documentation from here https://developer.apple.com/documentation/security/1396096-seccertificatecopypublickey

Though there is actually no harm to any existing iOS projects, it would great if we could get this fixed to make the transition for any projects targeting iosmac more easily.

Your environment?

LINE SDK version 5.3.0
Xcode version 11.1
macOS version 10.15

What did you do?

Login my app with Line in iPad iOS 13 version, it will lead to a web page.
After entering my user email/password, it shows 500 internal server error.

What did you expect?

I can log in with Line account in iOS 14 with the same version of line app and my own app

Your environment?

iOS 13.2.3 with Line SDK 5.6.2

Screenshot

Is it a security issue?

N

If you believe you have discovered a vulnerability or have an issue related to security, please DO NOT open a public issue. Instead, send us a mail to [email protected].

What did you do?

Run a code scanner $ mint run techinpark/ios_privacy_manifest_scanner

Please describe what you did before you encounter the issue.

What did you expect?

Provide a privacy manifest as Apple required

Please describe what you did expect to happen.

What happened actually?

If you upload an app to App Store Connect that uses required reason API without describing the reason in its privacy manifest file, Apple sends you an email reminding you to add the reason to the app’s privacy manifest. Starting May 1, 2024, apps that don’t describe their use of required reason API in their privacy manifest file aren’t accepted by App Store Connect.
ref https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api

Please describe what happened actually.

Your environment?

LINE SDK 5.10.1

Some information of the environment in which the issue happened. LINE SDK version, Xcode version, iOS version, etc.

Sample project

It would be appreciated if you can provide a link to or update a sample project that we can download and reproduce the issue.

Recently, there was an inquiry from the user of our service, and I noticed error on LINE login.
I tried the sample, but has same error.

Error:
On Tap Login Button on sample, Line app show error popup.(image)

Environment:
Xcode11.3.1 MacOS Catalina10.15.4 iOS13.4 LINE App 10.3.0

I also create thread on developers community(japanese).
https://www.line-community.me/question/5e87c28d851f7402cd9668a4

What did you do?

I have created a iOS project and followed the link https://developers.line.biz/en/docs/line-login-sdks/ios-sdk/swift/integrate-line-login/.

What did you expect?

Redirect the user to my iOS app without using a WebView.

What happened actually?

After the user successfully logs in, the Line app redirects the user to a web view before navigating to my iOS app.

Sample project

I used the sample project from this repository and only changed the channelID

Swift 5.0 regression. SR-9375

在OC中使用line登录SDK， 登录成功回调不走

Please let me ask a question about the supported iOS version.

After carthage update we checked framework information with the following command, LineSDKObjC.framework did not include armv7. Will it be said that this is not compatible with iOS 10?

Is my procedure wrong?

$ xcrun lipo -info Carthage/Build/iOS/LineSDK.framework/LineSDK 
Architectures in the fat file: Carthage/Build/iOS/LineSDK.framework/LineSDK are: i386 x86_64 armv7 arm64 

$ xcrun lipo -info Carthage/Build/iOS/LineSDKObjC.framework/LineSDKObjC 
Architectures in the fat file: Carthage/Build/iOS/LineSDKObjC.framework/LineSDKObjC are: x86_64 arm64 

https://developers.line.biz/en/docs/ios-sdk/swift/setting-up-project/#installation

Setup Line in project according to above link document.

Auth url can't load in safari. See below image

Environment:
Xcode 13.2
Device: Simulator/Phone iOS 15.2

Recently, there was an inquiry from the user of our service, and I noticed error on LINE login.
I tried the sample, but has same error.

Error:
On Tap Login Button on sample, Line app show error popup.(image)

Environment:
Xcode11.3.1 MacOS Catalina10.15.4 iOS13.4 LINE App 10.3.0

I also create thread on developers community(japanese).
https://www.line-community.me/question/5e87c28d851f7402cd9668a4

Is it a security issue?

No

What did you do?

Login using Line SDK does not work on iOS 11, 12.

What did you expect?

normal login

What happened actually?

Login does not work in iOS 11 and 12 environments. After entering the ID and password, a blank screen appears. It looks normal from iOS 13 onwards, and internal tests show that a similar issue occurs on Android 5.

Your environment?

xcode 14.x, iOS 11 and 12 iPhone models. LineSDK 5.8.2, and Line SDK 5.9.1 for later testing also succeeded in reproducing the issue. (However, the xcode version seems meaningless. The previous App released last year also came back and checked again, and it is impossible to log in the same.)

Sample project

We used the sample project provided here and leave a reproduction video.

What did you do? / What did you expect?

To confirm login, LineSDK is using:
application(_ app: UIApplication, open url: URL, options: [UIApplication.OpenURLOptionsKey : Any] = [:]) -> Bool

Can't resumeOpenURL(..) since open url is not called anymore, instead the SDK should be compatible with:
scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>)

What happened actually?

Login can't be confirmed.

Your environment?

LINE SDK: 5.2.4
XCode: 11.0 beta 5 (11M382q)
iOS: 13.0 (17A5572a)

Trying To Work Around

func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
print(URLContexts.debugDescription)
        if let url = URLContexts.first?.url {
            _ = LoginManager.shared.application(UIApplication.shared, open: url)
        }
    }

Console

Set([<UIOpenURLContext: 0x280866680; URL: line3rdp.com.XXXXXXX.XXX://authorize/?code=XXXXXXXXXXXXXXXXXXXX&state=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX; options: <UISceneOpenURLOptions: 0x2806dc990; sourceApp: (null); annotation: (null); openInPlace: NO>>]) authorizeFailed(reason: LineSDK.LineSDKError.AuthorizeErrorReason.invalidSourceApplication)

Best Regards,
Coriolan Bataille

LINE SDK contains a token auto-refreshing feature when public APIs called and fails with an unauthorized error. However, for the OAuth related APIs, especially the verify token API, we are following the OAuth 2.0 spec so we have a different error code when the token is invalid.

However, in our documentation, we mentioned that all methods in API will handle auto-refreshing, which is not the truth. Of course, we can point it out in our documentation, but it would be better if we can have the help of compiler to distinguish these two kinds of APIs.

The plan is deprecating the OAuth related APIs in API, and move them to a nested type, like API.Token, so users can have a better idea the these two are not created equally.

I want to test the function of share content with Line friend, and try the One-Time Sharing.

Also I used the LineSDKSample project to test the share function and select the Login Permissions like this

but I can not login with One-Time Sharing Permission

with my channel had not the One-Time Sharing Permission, how can I add the One-Time Sharing Permission to my channel, there is not any edit option for the channel permission.

Thanks for your help!

Referring to the documentation, native clients will send an access token and id token to our backend service. This means that we can't then obtain a refresh token, so when the access token expires we have no access to LINE APIs on behalf of the user. The only way to solve this is for the client to reauthenticate and send new tokens.

Web-based login on the other hand provides the server with an authorization code (docs) which can be exchanged for an access token and a refresh token.

This is a problem for us because we have implemented a login service, for both our web application and native applications, which exchanges external tokens for our own tokens. This works fine for other services (sign in with Apple, sign in with Google, etc.) which do provide an authorization code and therefore allow us to obtain a refresh token for those services. Internally we use the provider refresh token when the access token expires. As LINE does not provide a refresh token, we would have to also have the client send a new LINE access token if the old one has expired, and therefore update our database. I'm sure you can see how this will require us to branch our logic (i.e. if (line) { specialRefreshToken } else { normalRefreshToken }).

Considering the authorization code is used internally within the SDK, I don't quite understand why this is being closely guaraded client-side rather than making this available to pass to backend services instead of being exchanged behind the scenes. Can anybody comment on the reasons behind this (and why LINE is so different to other SSO providers like Google or Apple)?

Xcode 12 beta 1 Carthage build fail

A NSRecursiveLock is safer here. When two actions( add/remove) occur at the same time, we may fall into a deadlock.

Is it a security issue?

If you believe you have discovered a vulnerability or have an issue related to security, please DO NOT open a public issue. Instead, send us a mail to [email protected].

What did you do?

I made a CPP-plugin with line-sdk-ios-swift and called line login in Unreal Engine build.

What did you expect?

line login success

What happened actually?

Sometimes crashing when calling line-sdk-login in Unreal Engine build.

Your environment?

Xcode 13.1, Unreal Engine 4.25.4, Line SDK 5.7.0, iOS 12~14 test device

Sample project

Result debugging

class AppUniversalLinkFlow {
    
    let url: URL
    let onNext = Delegate<Bool, Void>()
    
    init(parameter: LoginProcess.FlowParameters) {
        let universalURLBase = URL(string: Constant.lineWebAuthUniversalURL)!
        url = universalURLBase.appendedLoginQuery(parameter)
    }
    
    func start() {
        // crash point!!
        UIApplication.shared.open(url, options: [.universalLinksOnly: true]) {
            opened in
            self.onNext.call(opened)
        }
    }
}

I am a new programmer and I need to access the LineSDK and use the line login feature in my company's SDK project.
I had two problems,

The first problem is that when LineAPP is installed, after I click the login button, I can successfully jump to the LineAPP for authentication, but an error is reported after jumping back to the project: LineSDKObjC.LineSDKError.authorizeFailed(reason: LineSDKObjC.LineSDKError.AuthorizeErrorReason.userCancelled),
"error_message" : "User cancelled or interrupted the login process.",
"error_code" : "3003"

The second problem is that when I log in without the Line APP installed, I can confirm the permission on the line login page after jumping to the line login page, but the confirmation key of the return item is invalid. This is the Xcode log: -canOpenURL: failed for URL: "lineauth2://authorize/" - error: "The operation couldn’t be completed. (OSStatus error -10814.)”

These two problems still existed after I created a new Xcode APP project and connected it according to the Line documentation. I don't have enough experience to know if it's a code error or something.
The following is the code of my new Xcode project. If you need the code of this part of the company project, please let me know:

LineSDK 5.9.1, Xcode14.3, IOS16.5

@implementation ViewController

• (void)viewDidLoad {
  [super viewDidLoad];
  }

• (IBAction)loginButtonTapped:(id)sender {
  [self login];
  }

• (void)login {
  [[LineSDKLoginManager sharedManager] loginWithPermissions:@[LineSDKLoginPermission.profile] inViewController:self completionHandler:^(LineSDKLoginResult * _Nullable result, NSError * _Nullable error) {
  if (result) {
  NSLog(@"%@", result.accessToken.value);

        NSString *token = result.accessToken.value;
        LineSDKUserProfile *profile = result.userProfile;
        NSMutableString *message = [NSMutableString stringWithFormat:@"Login succeeded.\n\nAccess Token: %@\n", token];
  
        if (profile) {
            [message appendFormat:@"User ID: %@\n", profile.userID];
            [message appendFormat:@"Display Name: %@\n", profile.displayName];
            [message appendFormat:@"Icon: %@\n", profile.pictureURL];
        }
  
        UIAlertController *alert = [UIAlertController alertControllerWithTitle:@"Success" message:message preferredStyle:UIAlertControllerStyleAlert];
        UIAlertAction *okAction = [UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil];
        [alert addAction:okAction];
        [self presentViewController:alert animated:YES completion:nil];
  
    } else {
        NSLog(@"%@", error);
  
        UIAlertController *alert = [UIAlertController alertControllerWithTitle:@"Error" message:error.localizedDescription preferredStyle:UIAlertControllerStyleAlert];
        UIAlertAction *okAction = [UIAlertAction actionWithTitle:@"OK" style:UIAlertActionStyleDefault handler:nil];
        [alert addAction:okAction];
        [self presentViewController:alert animated:YES completion:nil];
    }
  

  }];
  }
  @EnD
  t1.zip