# Managing users

This topic explains how to perform the following user management tasks:

# Getting user profiles

If the login request is sent with the profile scope, you can get the user's LINE profile information. The user profile includes the user ID, display name, profile media (image or video), and status message.

Call the getProfileWithCompletion method as below:

[apiClient getProfileWithCompletion:^(LineSDKProfile * _Nullable profile, NSError * _Nullable error) {

    if(error){

        NSLog(@"Error getting profile: %@", error.description);

    } else {

        LineSDKProfile * profileInformation = profile;

        NSString * displayName = profileInformation.displayName;
        NSString * userID = profileInformation.userID;
        NSString * statusMessage = profileInformation.statusMessage;
        NSURL * pictureURL = profileInformation.pictureURL;

        NSString * pictureUrlString

        // If the user doesn't have a profile picture set, pictureURL will be nil
        if(pictureURL){
            NSString * profilePictureUrlString = profilePictureURL.absoluteString;
        }

    }

}];

If the call succeeds, the user’s profile information is returned in the profile argument and the error argument is nil. Otherwise, you can get information about the failure from the error argument.

The getProfileWithCompletion method gets the values at the time of login while users can change their display name, profile media, and status message anytime in LINE. To identify users, use the value of the userID property that doesn't change.

# Executing the completion block in a different queue

The getProfileWithCompletion method executes its completion block in the main queue. To execute the completion block in a different queue, specify the queue by calling the getProfileWithCallbackQueue method.

[apiClient getProfileWithCallbackQueue:dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0)
    completion:^(LineSDKProfile * _Nullable profile, NSError * _Nullable error) {
...
}];

# Using ID tokens to verify user identities

The OpenID Connect (opens new window) 1.0 specification is an identity layer on top of the OAuth 2.0 protocol. With OpenID Connect, you can securely exchange information with the LINE Platform. Currently, you can get the user profile and email address from the LINE Platform by issuing ID tokens that conform to the OpenID Connect specification.

# Applying for email permission

You can request users who log in using LINE Login to grant your app the permission to get their email address. To do so, apply for the permission in the LINE Developers Console. For more information, see Applying for email permission in the LINE Login guide.

# Login with the OpenID and email scopes

Once your channel has the email permission, you can let users log in with the openid and email scopes to get the user's email address from the ID token as below:

NSArray *permissions = @[@"profile", @"openid", @"email"];
[[LineSDKLogin sharedInstance] startLoginWithPermissions:permissions];

An ID token is a signed JSON Web Token (opens new window). The LINE SDK validates the token by checking its signature and expiration date for you, to prevent any malformed data in it. If the validation passes, the didLogin delegate method will be called with an argument that is a LineSDKCredential object including the ID token as:

- (void)didLogin:(LineSDKLogin *)login
      credential:(LineSDKCredential *)credential
         profile:(LineSDKProfile *)profile
           error:(NSError *)error
{
    NSLog(@"User Email: %@", credential.IDToken.email);
}

# Treating user data carefully

Do not save any sensitive user data in plain text in your app or server, or transfer them through non-secure HTTP communication. Such data include the access token, user ID, username, and any information in the ID token. The LINE SDK will store the user's access token in the keychain for you. If needed, you can access it after authorization with the code below:

LineSDKAccessToken *token = [LineSDKConfiguration defaultConfig].currentAccessToken;

ID tokens are issued only at the time of login. To update the ID token, you need to have the user log in again. However, if you set the profile scope in the login request, you can call the getProfileWithCompletion method to get the user's profile information.

# Logging out users

You can log out users from your app. To provide a better user experience, we recommend providing a way for users to log out of your app.

To invalidate the access token and log out the user from your app, call the logoutWithCompletion method. The user is logged out of your app when you invalidate the access token. After logging out, the user must go through the login process again to log in.

[apiClient logoutWithCompletion:^(BOOL success, NSError * _Nullable error){

    if (success){
        // Logout Succeeded
    } else {
        // Logout Failed
        NSLog(@"Logout Failed: %@", error.description);
    }

}];

If the call succeeds, the success argument is YES and the error argument is nil. Otherwise, you can get information about the failure from the error argument.

# Executing the completion block in a different queue

The logoutWithCompletion method executes its completion block in the main queue. To execute the completion block in a different queue, specify the queue by calling the logoutWithCallbackQueueCompletion method.

[apiClient logoutWithCallbackQueue:dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_HIGH, 0)
    completion:^(BOOL success, NSError * _Nullable error){
...
}];