# How to handle auto login failure
# Overview
For web apps that have integrated LINE Login, auto login may fail when private browsing is enabled. In addition, depending on the specifications of the user's OS, auto login may fail.
- When auto login on the LINE app fails
- When Universal Links or App Links don't work and the LINE app won't launch
# When auto login on the LINE app fails
Auto login on the LINE app may fail when private browsing is enabled. If the login fails, the user is still be redirected to the callback URL with the code
and state
parameters.
In this case, the code
parameter is an invalid value, so you can't issue an access token. Also, the state
parameter doesn't match the value associated with the login session.
This section explains how to detect auto login failures and examples of responses that should be displayed to users when login fails.
# Detecting auto login failure
You can detect auto login failure using the state
parameter explained in Authenticating users and making authorization requests.
When the login fails on the LINE app, this will lead to a mismatch between the value of the state
parameter given to the callback URL and the value of the state
parameter set in the authorization URL. Your web app design should take into account that auto login fails when there is a mismatch between the values of the state
parameters.
With LINE Login, a state
parameter mismatch may occur due to attacks by third parties such as Cross site request forgery (CSRF) (opens new window). Accordingly, it's impossible to determine whether the cause of the state
parameter mismatch is auto login failure or an attack by a third party such as CSRF.
Therefore, when there is a state
parameter mismatch, consider how to deal with the situation where the user unintentionally failed at auto login.
# When auto login fails
In environments where auto login fails, if the user who failed LINE Login is prompted to reattempt with an authorization URL where auto login is enabled, the user will continue to fail at LINE Login repeatedly. In order to prevent continuous login failures, once auto login fails, you can use the disable_auto_login
parameter to prompt the user to reattempt LINE Login with an authorization URL that has auto login disabled.
These are the two recommended responses.
- Display an error message to users and prompt them to reattempt login
- Redirect user to an authorization URL without auto login
# Display an error message to users and prompt them to reattempt login
Display a login failure message to users and prompt them to reattempt login.
Since this screen is displayed when automatic login fails, you need to disable auto login when prompting users to reattempt login. To disable auto login, set the disable_auto_login
parameter to true
in the query parameter of the authorization URL and redirect the user as follows.
https://access.line.me/oauth2/v2.1/authorize?disable_auto_login=true&response_type=code&client_id=1234567890&redirect_uri=https%3A%2F%2Fexample.com%2Fauth%3Fkey%3Dvalue&state=12345abcde&scope=profile%20openid&nonce=09876xyz
We recommend including on this screen a link to the I can't automatically log in to a website with LINE (opens new window) page (https://help.line.me/line/ios/sp?lang=en&contentId=20020693
) from the LINE Help center.
The following is a sample screen that prompts the user to reattepmt login.
# Redirect users to an authorization URL without auto login
Directly redirect users who have failed auto login to the authorization URL where auto login has been disabled. By redirecting users directly, you can display the login screen without making the user aware that auto login has failed. To disable auto login, set the disable_auto_login
parameter to true
in the query parameter of the authorization URL and redirect the user as follows.
https://access.line.me/oauth2/v2.1/authorize?disable_auto_login=true&response_type=code&client_id=1234567890&redirect_uri=https%3A%2F%2Fexample.com%2Fauth%3Fkey%3Dvalue&state=12345abcde&scope=profile%20openid&nonce=09876xyz
If you want to let users know in advance that a redirection will occur, you can display a redirection message.
The following is a sample screen displaying a redirect message.
# When Universal Links or App Links don't work and the LINE app won't launch
We use Universal Links (opens new window) and App Links (opens new window) features to perform auto login on external browsers.
Universal Links or App Links may not work in external browsers or in some in-app browsers, and auto login may not work. In this case, the LINE app won't launch and the email address login screen will appear on the external browser or on the in-app browser. This may happen depending on the specifications of the user's OS. Since the specifications of the OS aren't fully disclosed, it may be difficult for the LINE Platform to avoid the conditions under which auto login fails.
# Notes on making Universal Links work on iOS
Universal Links may not work in the following cases:
- Redirects a user to an authorization URL by JavaScript.
- A user types the URL and goes directly to the authorization URL.
You may be able to work around the problem of Universal Links not working by attending to the above. For example, let users tap a button to go to the authorization URL and start the login process.