Profile API response format mismatch with node-openid-client

Pre condition, Condition to reproduce

  • Create a LINE Login Channel
  • Use LINE profile API v2 with openid-client latest version.

Issue/ Error Message details

Problem: Cannot connect to LINE profile API using node-openid-client. According to this documentation:

The LINE Platform issues ID tokens compliant with the OpenID Connect (opens new window) specification, allowing you to securely obtain user profile information (user ID, display name, profile picture, email address) from the LINE Platform.

The example response of API is as follow (according to this documentation): { "userId":"U4af4980629...", "displayName":"Brown", "pictureUrl":"https://profile.line-scdn.net/abcdefghijklmn", "statusMessage":"Hello, LINE!" } While as the node-openid-client docs states, it requires a check for userinfo.sub:

Fetches the OIDC userinfo response with the provided Access Token. Also handles signed and/or encrypted userinfo responses. When TokenSet is provided as an argument the userinfo sub property will also be checked to match the on in the TokenSet's ID Token.

Which is obviously missing from the response. The expected response should be something like: { "userId":"U4af4980629...", "sub":"U4af4980629...", //same with userId "displayName":"Brown", "pictureUrl":"https://profile.line-scdn.net/abcdefghijklmn", "statusMessage":"Hello, LINE!" }

Accompanying respective source code


Resolution Tried

If I change the source code of openid-client to check with userId instead of sub, then it works. I don't know if this change should be on LINE or openid-client, please give your advices.

Reference information (Version / Platform/ environment)

Web platform. https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

  • 0
  • 1
  • 1941
  • twitter facebook

Silly me, I was using the wrong endpoint. The correct solution is to use well-known option. See https://access.line.me/.well-known/openid-configuration

  • 0



本当によろしいですか? question.vm