omniauth-line-login 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 36e8441f59c7ffa46a93a4516716e930ce335a879812678609a3d3a1e380c1f2
+  data.tar.gz: bdbf3c1542f88253dc2a7073f4e4ad448392a81437359c2d2c69ddaa6f851c7f
+SHA512:
+  metadata.gz: 4235a6357c0f8874e1c24af15c2a98cf500fec0bbc075098b358f1edae0e7d571f8672e3860950a296c2a78fc53b44233f8d018d27f62962065e95026a1daa5f
+  data.tar.gz: 9da5d436a8a8d70ea490dad680b95379230a432eec2bf0841ef610878d95639acdf92d2f8c49dfa69c09e5f0c12ced802f5370f46863193450c70082e08865a4

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 kazasiki
+Copyright (c) 2026 buferago
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+# OmniAuth LINE Login
+
+OmniAuth strategy for [LINE Login](https://developers.line.biz/en/docs/line-login/overview/) with OpenID Connect email support.
+
+This is a fork of [omniauth-line](https://github.com/kazasiki/omniauth-line) by kazasiki, enhanced with ID Token verification to extract `email` and `email_verified` claims via LINE's `/oauth2/v2.1/verify` API.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem 'omniauth-line-login'
+```
+
+Then `bundle install`.
+
+## Usage
+
+```ruby
+# config/initializers/omniauth.rb or devise.rb
+config.omniauth :line, ENV['LINE_CHANNEL_ID'], ENV['LINE_CHANNEL_SECRET'],
+  scope: 'profile openid email'
+```
+
+**Important**: The `email` scope is required to receive an ID Token containing email claims. You must also apply for the "Email address" permission in your LINE Developers Console channel settings.
+
+## What's Different from omniauth-line
+
+The original `omniauth-line` gem only calls LINE's `/v2/profile` API, which does not return email. This fork adds:
+
+- **ID Token verification** via LINE's `/oauth2/v2.1/verify` API (server-side verification)
+- **`info[:email]`** — extracted from the verified ID Token claims
+- **`info[:email_verified]`** — the `email_verified` claim from the ID Token
+- **`extra[:id_token_claims]`** — full ID Token claims for debugging and extension
+
+## Auth Hash
+
+```ruby
+{
+  uid: 'U02fa1e93...',
+  info: {
+    name: 'Display Name',
+    image: 'https://profile.line-scdn.net/...',
+    description: 'Status message',
+    email: 'user@example.com',        # NEW
+    email_verified: true               # NEW
+  },
+  extra: {
+    raw_info: { ... },                 # LINE /v2/profile response
+    id_token_claims: { ... }           # NEW: verified ID Token claims
+  }
+}
+```
+
+## Error Handling
+
+If the ID Token is not present (e.g., `openid` scope not included) or the verify API returns an error, `email` and `email_verified` will be `nil` and the application can fall back to its own email collection flow. Errors are logged via `OmniAuth.logger`.
+
+## Nonce Verification
+
+This gem does **not** perform nonce verification. If your application requires nonce validation, you can access the nonce from `extra[:id_token_claims]['nonce']` and verify it in your callback controller.
+
+## License
+
+MIT License. See [LICENSE](LICENSE) for details.
+
+Original work by [kazasiki](https://github.com/kazasiki/omniauth-line).
+
+Repository: [buferago/omniauth-line](https://github.com/buferago/omniauth-line)

data/lib/omniauth/strategies/line.rb

@@ -0,0 +1,90 @@
+require 'omniauth-oauth2'
+require 'json'
+require 'net/http'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    class Line < OmniAuth::Strategies::OAuth2
+      option :name, 'line'
+      option :scope, 'profile openid'
+
+      option :client_options, {
+        site: 'https://access.line.me',
+        authorize_url: '/oauth2/v2.1/authorize',
+        token_url: '/oauth2/v2.1/token'
+      }
+
+      # LINE API のベース URL が認可とリソースで異なるため、
+      # callback 時に api.line.me に切り替える（本家踏襲）
+      def callback_phase
+        options[:client_options][:site] = 'https://api.line.me'
+        super
+      end
+
+      def callback_url
+        options[:callback_url] || (full_host + script_name + callback_path)
+      end
+
+      uid { raw_info['userId'] }
+
+      info do
+        {
+          name:           raw_info['displayName'],
+          image:          raw_info['pictureUrl'],
+          description:    raw_info['statusMessage'],
+          email:          id_token_claims['email'],
+          email_verified: id_token_claims['email_verified']
+        }
+      end
+
+      extra do
+        {
+          raw_info: raw_info,
+          id_token_claims: id_token_claims
+        }
+      end
+
+      def raw_info
+        @raw_info ||= JSON.parse(access_token.get('v2/profile').body)
+      rescue ::Errno::ETIMEDOUT
+        raise ::Timeout::Error
+      end
+
+      private
+
+      VERIFY_URL = URI('https://api.line.me/oauth2/v2.1/verify')
+
+      # LINE /oauth2/v2.1/verify API で ID Token をサーバー側検証し、クレームを取得
+      # access_token オブジェクトに依存せず、Net::HTTP で直接呼び出す（site 依存を排除）
+      # エラー時は空ハッシュを返しフォールバック（メール入力フローへ）
+      def id_token_claims
+        return @id_token_claims if defined?(@id_token_claims)
+
+        id_token = access_token.params&.[]('id_token')
+        if id_token.nil? || id_token.to_s.empty?
+          return @id_token_claims = {}
+        end
+
+        resp = Net::HTTP.post_form(VERIFY_URL, {
+          id_token: id_token,
+          client_id: options.client_id
+        })
+
+        unless resp.is_a?(Net::HTTPSuccess)
+          log(:warn, "LINE verify API returned #{resp.code}: #{resp.body}")
+          return @id_token_claims = {}
+        end
+
+        @id_token_claims = JSON.parse(resp.body)
+      rescue JSON::ParserError, Net::OpenTimeout, Net::ReadTimeout, SocketError, Errno::ECONNREFUSED => e
+        log(:warn, "LINE ID Token verification failed: #{e.class} - #{e.message}")
+        @id_token_claims = {}
+      end
+
+      def log(level, message)
+        OmniAuth.logger.send(level, "(line) #{message}") if OmniAuth.logger
+      end
+    end
+  end
+end

data/lib/omniauth-line-login/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module Line
+    VERSION = "0.2.0"
+  end
+end

data/lib/omniauth-line-login.rb

@@ -0,0 +1,2 @@
+require 'omniauth-line-login/version'
+require 'omniauth/strategies/line'

data/omniauth-line-login.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "omniauth-line-login/version"
+
+Gem::Specification.new do |s|
+  s.name        = "omniauth-line-login"
+  s.version     = OmniAuth::Line::VERSION
+  s.authors     = ["kazasiki", "buferago"]
+  s.email       = ["kazasiki@gmail.com"]
+  s.homepage    = "https://github.com/buferago/omniauth-line"
+  s.description = %q{OmniAuth strategy for LINE Login with OpenID Connect email support}
+  s.summary     = %q{OmniAuth strategy for LINE Login - fork with ID token email extraction}
+  s.license     = "MIT"
+
+  s.files         = Dir['lib/**/*', 'LICENSE', 'README.md', '*.gemspec']
+  s.require_paths = ["lib"]
+
+  s.required_ruby_version = ">= 2.7"
+
+  s.add_dependency 'json', '>= 2.3.0'
+  s.add_dependency 'omniauth-oauth2', '~> 1.8'
+  s.add_development_dependency 'bundler', '~> 2.0'
+  s.add_development_dependency 'rspec', '~> 3.0'
+  s.add_development_dependency 'rack-test'
+  s.add_development_dependency 'webmock'
+end

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-line-login
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- kazasiki
+- buferago
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-03-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for LINE Login with OpenID Connect email support
+email:
+- kazasiki@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/omniauth-line-login.rb
+- lib/omniauth-line-login/version.rb
+- lib/omniauth/strategies/line.rb
+- omniauth-line-login.gemspec
+homepage: https://github.com/buferago/omniauth-line
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.27
+signing_key:
+specification_version: 4
+summary: OmniAuth strategy for LINE Login - fork with ID token email extraction
+test_files: []