Integrating LINE Login (v2) with your web app

Note: This guide describes how to integrate LINE Login v2 with your web application. To integrate LINE Login v2.1, which supports the OpenID Connect protocol, see Integrating LINE Login.

This page explains how to integrate LINE Login with your web application. If you don’t have an existing application and would like to try LINE Login on a sample application, go to Trying LINE Login on a web app.

Login flow

The LINE Login process for web (web login) is based on the OAuth 2.0 authorization code grant flow. Your application must be able to make requests server-side and receive data from the LINE Platform. The following is an overview of the web login flow.

LINE Login auth flow

These are the steps involved in the web login process.

  1. Your application directs the user to the LINE Login authorization URL with the client_id, redirect_uri, and state values.
  2. The LINE Login dialog is opened in a browser and the user logs in to be authenticated. After the LINE Platform validates the user’s credentials, the user must also agree to grant the requested permissions to your app.
  3. The LINE Platform redirects the user back to your app via redirect_uri with the authorization code and state in the query string.
  4. Your application requests an access token from the https://api.line.me/v2/oauth/accessToken endpoint with the authorization code.
  5. The LINE Platform validates your application’s request and returns an access token and a refresh token.

Once you have retrieved an access token, you can use it to call APIs to get user profile information.

Before you begin

To start integrating your application with LINE Login, make sure you have completed the following.

Configuring your channel

To specify where to redirect the user after login, set a callback URL from the "App settings" page of the console.

Note: You can set multiple callback URLs.

Redirect settings

Getting an authorization code

To get an authorization code, redirect the user to the URL for the LINE Login dialog from your app with the required query parameters. You can redirect the user using a LINE Login button or with a direct link.

https://access.line.me/dialog/oauth/weblogin?response_type=code&client_id={Channel ID}&redirect_uri={Callback URL}&state={State}

Include the following required query parameters in the URL.

| Parameter | Value | Type | Description |
|---|---|---|---|
| response_type | code | String | code. This tells the LINE Platform to return an authorization code. |
| client_id | Channel ID | String | Unique identifier for your channel issued by LINE |
| redirect_uri | Callback URL | String | URL users are redirected to after authentication and authorization. Must match one of the callback URLs registered for your channel in the console. |
| state | Any alphanumeric string | String | A unique value used to prevent cross-site request forgery. This value should be randomly generated by your application. Cannot be a URL-encoded string. |

The following is an example of a URL with the required parameters.

https://access.line.me/dialog/oauth/weblogin?response_type=code&client_id=12345&redirect_uri=https%3A%2F%2Fsample.com%2Fauth&state=123abc

User authentication

When users are redirected to the LINE Login dialog, they must first log in with their LINE credentials. If they are already logged in to LINE, they will be logged in automatically. A consent screen will then be displayed and the user must either agree to or deny the permissions that your application is requesting. By default, your application requests access to the user’s profile information.

The following is a consent screen with the permissions that are requested by your app.

Consent screen

Receiving the authorization code

Once the user logs in and agrees to grant the permissions, the user is directed to the callback URL with the following query parameters.

| Parameter | Type | Description |
|---|---|---|
| code | String | Authorization code used to get an access token. Valid for 10 minutes. This authorization code can only be used once. |
| state | String | State parameter included in the authorization URL of the original request. Your application should verify that this value matches the one in the original request. |

The following is an example response.

https://sample.com/callback?code=b5fd32eacc791df&state=123abc

Error response

If the user denies the permissions requested by your application, the following parameters are returned in the callback URL query string.

| Parameter | Type | Description |
|---|---|---|
| error_description | String | The+user+has+denied+the+approval. Note: This parameter does not appear in the in-app browser of iOS and Android applications. We are currently working on this issue. |
| errorMessage | String | DISALLOWED |
| errorCode | Integer | 417 |
| state | String | State parameter included in the authorization URL of the original request. |
| error | String | access_denied |

This is an example of an error response.

https://sample.com/callback?error_description=The+user+has+denied+the+approval&errorMessage=DISALLOWED&errorCode=417&state=123abc&error=access_denied

If the user denies the permissions requested by your application, your application should handle the error appropriately.
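
The following is an added example, not code from LINE, showing one way to implement the state handling described in "Getting an authorization code" and "Receiving the authorization code": the state is generated with a CSPRNG, bound to the user's server-side session, and checked once in constant time before the code or an error is accepted. The `session` dict, the `STATE_KEY` name, and the `LoginError` class are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://access.line.me/dialog/oauth/weblogin"  # from this page
STATE_KEY = "line_login_state"  # hypothetical session key, an assumption


class LoginError(Exception):
    """Callback was rejected; the caller should show a generic login failure."""


def build_authorization_url(channel_id, callback_url, session):
    """Bind a fresh random state to the user's server-side session."""
    # 128 random bits as hex: alphanumeric, so it needs no URL-encoding
    session[STATE_KEY] = secrets.token_hex(16)
    query = urlencode({
        "response_type": "code",
        "client_id": channel_id,
        "redirect_uri": callback_url,  # must match a registered callback URL
        "state": session[STATE_KEY],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(request_url, session):
    """Return the authorization code from a callback URL or raise LoginError."""
    params = parse_qs(urlsplit(request_url).query)
    # pop() makes the state single-use: a replayed callback has nothing to match
    expected = session.pop(STATE_KEY, None)
    received = params.get("state", [""])[0]
    # check state before anything else, in constant time
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise LoginError("state mismatch")
    if "error" in params:
        code = params.get("errorCode", ["?"])[0]
        raise LoginError(f"{params['error'][0]} (errorCode {code})")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise LoginError("expected exactly one code parameter")
    return codes[0]
```
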

Getting an access token

To get an access token, make an HTTP POST request with the authorization code. Once you have an access token, you can use it to make API calls. The access token is issued at the following endpoint.

Request

POST https://api.line.me/v2/oauth/accessToken

| Request header | Description |
|---|---|
| Content-Type | application/x-www-form-urlencoded |

Request body

The information in the request body is in a form-urlencoded format.

| Parameters | Type | Description |
|---|---|---|
| grant_type | String | authorization_code. Specifies the grant type. |
| client_id | String | Channel ID. Found in the console. |
| client_secret | String | Channel secret. Found in the console. |
| code | String | Authorization code |
| redirect_uri | String | Callback URL |

Example request

This is an example of the information in the request body.

grant_type=authorization_code&code=b5fd32eacc791df&client_id=12345&client_secret=d6524edacc8742aeedf98f&redirect_uri=https%3A%2F%2Fsample.com%2Fauth

Receiving the access token

The LINE Platform validates the request and returns an access token and a refresh token. The refresh token is used to get new access tokens.

| Property | Type | Description |
|---|---|---|
| scope | String | P. Default permission to access the user’s LINE profile information. |
| access_token | String | Access token. Valid for 30 days. |
| token_type | String | Bearer |
| expires_in | Integer | Amount of time in seconds until the access token expires. |
| refresh_token | String | Token used to get a new access token. Valid up until 10 days after the access token expires. |

The following is an example JSON response.

    {
      "scope": "P",
      "access_token": "bNl4YEFPI/hjFWhTqexp4MuEw5YPs7qhr6dJDXKwNPuLka...",
      "token_type": "Bearer",
      "expires_in": 2591977,
      "refresh_token": "8iFFRdyxNVNLWYeteMMJ"
    }

You can store the information on your server and use the access token to call APIs.
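
The following is an added example, not code from LINE, of the server-side token exchange: it builds the POST request so the channel secret travels only in the form-encoded body, then validates the JSON response and derives absolute expiry times from `expires_in` and the 10-day refresh window stated above. The function names and `SAMPLE_RESPONSE` (constructed, with placeholder tokens) are assumptions; sending the request with `urllib.request.urlopen` is left to the caller.

```python
import json
import urllib.request
from urllib.parse import urlencode

TOKEN_URL = "https://api.line.me/v2/oauth/accessToken"  # from this page
REFRESH_GRACE_SECONDS = 10 * 24 * 3600  # refresh token outlives access token by 10 days

# Constructed sample response with placeholder token values
SAMPLE_RESPONSE = (b'{"scope":"P","access_token":"ACCESS-PLACEHOLDER","token_type":"Bearer",'
                   b'"expires_in":2591977,"refresh_token":"REFRESH-PLACEHOLDER"}')


def build_token_request(code, channel_id, channel_secret, callback_url):
    """Build the POST; the secret goes in the body, never in the URL."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": channel_id,
        "client_secret": channel_secret,
        "redirect_uri": callback_url,  # same callback URL used in the authorization request
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw, now):
    """Validate the token response and compute absolute expiry timestamps."""
    data = json.loads(raw)
    if not isinstance(data, dict) or data.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    for key in ("access_token", "refresh_token"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"missing {key}")
    expires_in = data.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise ValueError("invalid expires_in")
    access_expires_at = now + expires_in
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        "access_expires_at": access_expires_at,
        "refresh_expires_at": access_expires_at + REFRESH_GRACE_SECONDS,
    }
```
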

Next steps

After getting an access token, use it to call the Social API to get user profile information, log out the user, and manage access tokens. For more information, see the following pages.