Comments (2)
Hi,
Thanks for opening this.
About authorization code
The native LINE SDK is not only an SSO login component (LINE Login), but also an API client for using other public LINE APIs. So a main target of this project is providing a self-contained solution for most developers. Making a client authorization code exchange can help those developers who wants to use LINE APIs even when they do not own their own server. Also, since the LINE Login in LINE SDK is a "mobile-first" login SSO, it contains more client-oriented secure features, but lack of the notorious client_secret
.
You can intercept the authorization code from the URL which LINE Login service returns to you in the app delegate. It should be a URL query parameter under "code"
and you can even refer to the LoginProcessURLResponse
. However, you still need to expose the state
and the PKPE codeVerifier
, then send them to your server together to exchange the final token.
About refresh token
Since it might be a bit complicated to use the authorization code on your server, another more realistic way is just leaving the token exchange to LINE SDK, and sending access token and refresh token to your server.
However, sending and storing these tokens (access token or refresh token) is considered as violating agains Apple's App Store Review Guidelines:
An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use.
We before also received some rejection report on this, so we recognize it as a "mis-use" to sending LINE access token or refresh token to your server for storing purpose. This is why we marked the refreshToken
deprecated and private in AccessToken
type (the access token is left as public
since it is necessary to be used to identify user for your server).
LINE SDK manages the refreshing automatically. If you really need the refresh token, it would be trivial to fork this repo and change the _refreshToken
from private
to public
. But keep in mind, refreshing the token on your server would lead an un-sync state between the token stored in your app and on your server, so some racing might happen if you use LINE's API on both side.
from line-sdk-ios-swift.
Thank you for your detailed reply. We might look into the intercept route in that case.
from line-sdk-ios-swift.
Related Issues (20)
- 授权登录页面没有出现添加官方账号为好友选项 HOT 4
- $ git clone https://github.com/line/line-sdk-ios-swift.git
- Sometimes crashing when calling line-sdk-login in Unreal Engine HOT 3
- Line sign in NOT working HOT 2
- Cannot find 'LoginManager' in scope HOT 6
- How to use the One-Time Sharing Function HOT 1
- web登陆页面有红色文案显示"无法登陆",但是输入邮箱和密码后,可以成功登陆 HOT 1
- ios版本的怎么分享图片呢? HOT 1
- 跳转line app 授权失败,使用web授权成功 HOT 3
- how to get "id_token" in lineSDKObjC ? HOT 6
- Objective-C Line Login error HOT 1
- Login is not possible on lower OS (iOS 11, 12). HOT 8
- ld: symbol(s) not found for architecture arm64 HOT 2
- ios login open a new url HOT 7
- How to disable the AppUniversalLinkFlow HOT 2
- 【Urgent】https://d.line-scdn.net CDN Server is down,LineSDK will pod install fail HOT 1
- Login with UniversalLinkFlow auto direct Safari browser HOT 4
- PrivacyInfo.xcprivacy questions on ios 12 HOT 2
- 无法使用cocoapods加载资源 HOT 2
- After a successful login, the Line app does not redirect to my iOS app directly; instead, it goes to the WebView first HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from line-sdk-ios-swift.