NAME
LWP::Authen::OAuth2::ServiceProvider::Line - Access Line OAuth2 API v2
SYNOPSIS
my $oauth2 = LWP::Authen::OAuth2->new(
service_provider => 'Line',
redirect_uri => 'http://example.com/',
client_id => 'line_client_id' # Retrieved from https://developers.line.me/
client_secret => 'line_client_secret' # Retrieved from https://developers.line.me/
);
my $url = $oauth2->authorization_url(state => $state);
# ... Send user to authorization URL and get authorization $code ...
$oauth2->request_tokens(code => $code);
# Simple requests
# User Info
my $profile = $oauth2->make_api_call('profile');
my $userId = $profile->{userId};
my $displayName = $profile->{displayName};
my $pictureUrl = $profile->{pictureUrl};
my $statusMessage = $profile->{statusMessage};
# Refresh
$oauth2->refresh_access_token();
# More complex requests...
# Verify
# Manually send the request using the internal user agent - see explanation in "Line API Documentation" below.
my $access_token_str = $oauth2->access_token->access_token;
my $res = $oauth2->user_agent->post($oauth2->api_url_base.'oauth/verify' => { access_token => $access_token_str });
my $content = eval { decode_json($res->content) };
my $scope = $content->{scope};
my $client_id = $content->{client_id};
my $expires_in = $content->{expires_in};
# Revoke
# Look up the internal refresh token - see explanation in "Line API Documentation" below.
my $refresh_token_str = $oauth2->access_token->refresh_token;
$oauth2->post($oauth2->api_url_base.'oauth/revoke' => { refresh_token => $refresh_token_str });
REGISTERING
Individual users must have an account created with the Line application. In order to log in with OAuth2, users must register their email address. Device-specific instructions can be found on the Line support site.
API clients can follow the Line Login documentation to set up the OAuth2 credentials.
Line API Documentation
See the Line Social REST API Reference.
As of writing, there are two simple API calls: profile
and refresh
.
There are also verify
and revoke
endpoints, which require a bit more work.
verify
-
verify
is designed for verifying pre-existing access tokens. Instead of using theAuthorization
header, this endpoint expects the access token to be form-urlencoded in the request body. Because of this, it's necessary to get access to the internal access token string to send in the request body. The LWP::Authen::OAuth2::ServiceProvider::Line::AccessToken token class used by this service provider provides theaccess_token
accessor for this purpose.The server seems to ignore the
Authorization
header for this request, so including it is probably not a problem. If you want to avoid sending the access token in the header, it's necessary to manually construct the request and decode the response.See "SYNOPSYS" for usage examples.
revoke
-
revoke
requires the refresh token to be form-urlencoded in the request body. Because of this, it's necessary to get access to the internal refresh token string to send in the request body. The LWP::Authen::OAuth2::ServiceProvider::Line::AccessToken token class used by this service provider provides therefresh_token
accessor for this purpose. See "SYNOPSYS" for usage examples.
Refresh timing
Line access tokens can be refreshed at any time up until 10 days after the access token expires. The LWP::Authen::OAuth2::ServiceProvider::Line::AccessToken token class used by this service provider extends the should_refresh
method for this purpose, causing $oauth2->should_refresh()
to return false if this 10-day period has lapsed.
AUTHOR
Adam Millerchip, <adam at millerchip.net>