Silly me, I was using the wrong endpoint. The correct solution is to use well-known option. See https://access.line.me/.well-known/openid-configuration
Pre condition, Condition to reproduce
- Create a LINE Login Channel
- Use LINE profile API v2 with
openid-client
latest version.
Issue/ Error Message details
Problem: Cannot connect to LINE profile API using node-openid-client
.
According to this documentation:
The LINE Platform issues ID tokens compliant with the OpenID Connect (opens new window) specification, allowing you to securely obtain user profile information (user ID, display name, profile picture, email address) from the LINE Platform.
The example response of API is as follow (according to this documentation):
{
"userId":"U4af4980629...",
"displayName":"Brown",
"pictureUrl":"https://profile.line-scdn.net/abcdefghijklmn",
"statusMessage":"Hello, LINE!"
}
While as the node-openid-client
docs states, it requires a check for userinfo.sub
:
Fetches the OIDC userinfo response with the provided Access Token. Also handles signed and/or encrypted userinfo responses. When TokenSet is provided as an argument the userinfo sub property will also be checked to match the on in the TokenSet's ID Token.
Which is obviously missing from the response. The expected response should be something like: { "userId":"U4af4980629...", "sub":"U4af4980629...", //same with userId "displayName":"Brown", "pictureUrl":"https://profile.line-scdn.net/abcdefghijklmn", "statusMessage":"Hello, LINE!" }
Accompanying respective source code
Resolution Tried
If I change the source code of openid-client
to check with userId
instead of sub
, then it works. I don't know if this change should be on LINE or openid-client
, please give your advices.
Reference information (Version / Platform/ environment)
Web platform. https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
Similar posts
No similar posts