# Transfer session details to back-end server

This page explains how to securely transfer login session details to a back-end server from a native app that implements LINE Login using the LINE SDK.

Find implementation examples on the following pages. To increase security when you integrate LINE Login, we recommend generating your own nonce values on your server and using them when starting a login process.

# Establish login session in native app

Native app side

After establishing a login session in the native app, get an access token from the LINE Platform and send it to the back-end server.

  1. Execute login in the native app and establish a login session.

  2. Use the LINE SDK to get the logged-in user's access token from the LINE Platform.

  3. Send the access token to the back-end server.

# Transfer login session to back-end server

Backend server side

Verify that the access token received by the back-end server is authentic.

  1. Receive the access token from the native app.

  2. Verify access token validity.

    If verification is successful, the response contains a client_id property (channel ID) and an expires_in property (time until token expires).

  3. Check that client_id and expires_in meet these conditions:

    | Property | Criteria |
    | --- | --- |
    | client_id | Same as the channel ID of the LINE Login channel linked to the native app |
    | expires_in | Positive value |

    If these conditions are met, you received a usable access token from the native app. Use this access token to call the Social API to get the correct user ID.

    Learn how to get the user ID from Get user profile.

Only use verified tokens

If the access token you received can't be verified, don't use that access token.

# Transfer ID token to back-end server

When a native app sends an ID token to your back-end server, you should verify that the ID token is authentic. For added security, we recommend using a nonce.

  1. Receive the ID token and nonce from the native app.

    To ensure that you can verify if the login session was started by a legitimate user, your server should generate the original nonce and securely share it with the client app.

  2. Retrieve the user ID using a verified access token.

    For instructions on verifying access tokens, read Transfer login session to back-end server.

  3. Verify the ID token.

    Use these parameter values:

    | Parameter | Value |
    | --- | --- |
    | id_token | ID token |
    | client_id | Same as the channel ID of the LINE Login channel linked to the native app |
    | nonce | nonce set in LINE SDK |
    | user_id | User ID returned by Get user profile |

    If verification is successful, the ID token payload is returned.

  4. To confirm the validity of the ID token, confirm that the exp value is greater than the UNIX timestamp at the time of verification.
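The two back-end procedures above (access token checks, then ID token checks) combined into one server-side routine, as an added example that is not part of the LINE documentation or SDK. Assumptions: `api` is a hypothetical wrapper around the three LINE Platform calls, `StubApi` and `CHANNEL_ID` are constructed stand-ins so the code runs offline, and treating each nonce as single use is a choice made here rather than something the page states.

```python
import secrets
import time

CHANNEL_ID = "1234567890"  # constructed placeholder for your channel ID
_issued_nonces = set()     # assumption: in production, a shared store with a TTL


class SessionRejected(Exception):
    """A token or nonce failed a check; do not create a session."""


def issue_nonce():
    """Generate the nonce on the server; the app passes it to the LINE SDK."""
    nonce = secrets.token_urlsafe(32)
    _issued_nonces.add(nonce)
    return nonce


def establish_session(access_token, id_token, nonce, api, now=None):
    """Run both procedures in order; return the verified user ID.
    `api` is a hypothetical wrapper for the three LINE Platform calls."""
    if nonce not in _issued_nonces:
        raise SessionRejected("nonce was not issued by this server")
    _issued_nonces.discard(nonce)  # assumption: each nonce is single use
    token_info = api.verify_access_token(access_token)
    if str(token_info.get("client_id")) != CHANNEL_ID:
        raise SessionRejected("access token belongs to another channel")
    expires_in = token_info.get("expires_in")
    if not isinstance(expires_in, int) or expires_in <= 0:
        raise SessionRejected("access token has expired")
    user_id = api.get_user_id(access_token)  # "Get user profile"
    payload = api.verify_id_token(id_token=id_token, client_id=CHANNEL_ID,
                                  nonce=nonce, user_id=user_id)
    now = time.time() if now is None else now
    if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
        raise SessionRejected("ID token has expired")
    return user_id


class StubApi:
    """Constructed stand-in for the LINE Platform so the example runs offline."""
    def __init__(self, client_id=CHANNEL_ID, expires_in=3600, exp=2_000_000_000):
        self.client_id, self.expires_in, self.exp = client_id, expires_in, exp
    def verify_access_token(self, token):
        return {"client_id": self.client_id, "expires_in": self.expires_in}
    def get_user_id(self, token):
        return "U-constructed"
    def verify_id_token(self, **params):
        return {"sub": params["user_id"], "exp": self.exp}
```

The user ID is returned only after every check passes, so a caller that catches `SessionRejected` never holds an identity derived from an unverified token.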