omniauth-line-v2 2.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 23d3d840f82f210a27ca394fe1c0823bc3f965e6a32b465b3ee3454a83050346
+  data.tar.gz: ed2c6fe30e0002128394dd5ca25b651b43a4637fce7a6e53908770e30361bd60
+SHA512:
+  metadata.gz: 887df29c981e129db138948ed7fda87ace372554c8590352af613eeb713b0af99f7a9a06fb979e5fcde447f3d785af32c1f71bd8516999eccf44d53ac3d4e644
+  data.tar.gz: 4c583332f9294651a9e1b3053148d5dd825bee51edabeeaa0a7d1c90286b82884744f94bb3ce6fd00a2b75d37291fabc469f37bdba624dbb13542e8eaee29c62

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--color
+--format documentation

data/CHANGELOG.md

@@ -0,0 +1,25 @@
+# Changelog
+
+## [2.0.0] - 2025-11-28
+
+- Rename strategy from `LineV21` to `Line`
+
+## [1.2.0] - 2025-11-03
+
+- Refactor: Remove redundant user info endpoint call
+- Test: Update test
+- Other: Update README.md
+
+## [1.1.0] - 2025-08-02
+
+- Refactor: Refactor `OmniAuth::Strategies::LineV21#authorize_params`
+- Test: Update test
+
+## [1.0.0] - 2025-08-01
+
+- New: Generate nonce parameter automatically for security
+- New: Call fail! when ID token verification response contains error
+
+## [0.0.0] - 2025-07-26
+
+- Initial release

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Masahiro
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,144 @@
+# OmniauthLineV2
+
+[![License](https://img.shields.io/github/license/cadenza-tech/omniauth-line-v2?label=License&labelColor=343B42&color=blue)](https://github.com/cadenza-tech/omniauth-line-v2/blob/main/LICENSE.txt) [![Tag](https://img.shields.io/github/tag/cadenza-tech/omniauth-line-v2?label=Tag&logo=github&labelColor=343B42&color=2EBC4F)](https://github.com/cadenza-tech/omniauth-line-v2/blob/main/CHANGELOG.md) [![Release](https://github.com/cadenza-tech/omniauth-line-v2/actions/workflows/release.yml/badge.svg)](https://github.com/cadenza-tech/omniauth-line-v2/actions?query=workflow%3Arelease) [![Test](https://github.com/cadenza-tech/omniauth-line-v2/actions/workflows/test.yml/badge.svg)](https://github.com/cadenza-tech/omniauth-line-v2/actions?query=workflow%3Atest) [![Lint](https://github.com/cadenza-tech/omniauth-line-v2/actions/workflows/lint.yml/badge.svg)](https://github.com/cadenza-tech/omniauth-line-v2/actions?query=workflow%3Alint)
+
+LINE strategy for OmniAuth.
+
+- [Installation](#installation)
+- [Usage](#usage)
+  - [Rails Configuration with Devise](#rails-configuration-with-devise)
+  - [Configuration Options](#configuration-options)
+  - [Auth Hash](#auth-hash)
+- [Changelog](#changelog)
+- [Contributing](#contributing)
+- [License](#license)
+- [Code of Conduct](#code-of-conduct)
+- [Sponsor](#sponsor)
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+```bash
+bundle add omniauth-line-v2
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install omniauth-line-v2
+```
+
+## Usage
+
+### Rails Configuration with Devise
+
+Add the following to `config/initializers/devise.rb`:
+
+```ruby
+# config/initializers/devise.rb
+Devise.setup do |config|
+  config.omniauth :line, ENV['LINE_CHANNEL_ID'], ENV['LINE_CHANNEL_SECRET']
+end
+```
+
+Add the OmniAuth callbacks routes to `config/routes.rb`:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
+end
+```
+
+Add the OmniAuth configuration to your Devise model:
+
+```ruby
+class User < ApplicationRecord
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable,
+         :omniauthable, omniauth_providers: [:line]
+end
+```
+
+### Configuration Options
+
+You can configure several options:
+
+```ruby
+# config/initializers/devise.rb
+Devise.setup do |config|
+  config.omniauth :line, ENV['LINE_CHANNEL_ID'], ENV['LINE_CHANNEL_SECRET'],
+    {
+      scope: 'profile openid', # Specify OAuth scopes
+      callback_path: '/custom/line/callback', # Custom callback path
+      prompt: 'consent', # Optional: force consent screen
+      bot_prompt: 'aggressive' # Optional: LINE official account linking
+    }
+end
+```
+
+Available scopes:
+
+- `profile` - Access to user's display name and profile image
+- `openid` - Required for ID token (includes user identifier)
+- `email` - Access to user's email address
+
+### Auth Hash
+
+After successful authentication, the auth hash will be available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  provider: 'line',
+  uid: 'U4af4980629...',
+  info: {
+    name: 'Taro Line',
+    nickname: 'U4af4980629...',
+    image: 'https://profile.line-scdn.net/...',
+    email: 'taro.line@example.com'
+  },
+  credentials: {
+    token: 'bNl4YEFPI/hjFWhTqexp4MuEw5YPs...',
+    expires: true,
+    expires_at: 1504169092,
+    refresh_token: 'Aa1FdeggRhTnPNNpxr8p'
+  },
+  extra: {
+    id_token: 'eyJhbGciOiJIUzI1NiJ9...',
+    id_info: {
+      iss: 'https://access.line.me',
+      sub: 'U4af4980629...',
+      aud: '1234567890',
+      exp: 1504169092,
+      iat: 1504263657,
+      auth_time: 1504263657,
+      nonce: '0987654asdf',
+      amr: ['pwd'],
+      name: 'Taro Line',
+      picture: 'https://profile.line-scdn.net/...',
+      email: 'taro.line@example.com'
+    }
+  }
+}
+```
+
+## Changelog
+
+See [CHANGELOG.md](https://github.com/cadenza-tech/omniauth-line-v2/blob/main/CHANGELOG.md).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/cadenza-tech/omniauth-line-v2. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/cadenza-tech/omniauth-line-v2/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://github.com/cadenza-tech/omniauth-line-v2/blob/main/LICENSE.txt).
+
+## Code of Conduct
+
+Everyone interacting in the OmniauthLineV2 project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/cadenza-tech/omniauth-line-v2/blob/main/CODE_OF_CONDUCT.md).
+
+## Sponsor
+
+You can sponsor this project on [Patreon](https://patreon.com/CadenzaTech).

data/Rakefile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.options = ['--format', ENV['RUBOCOP_FORMAT']] if ENV['RUBOCOP_FORMAT']
+end

data/lib/omniauth/line_v2/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module LineV2
+    VERSION = '2.0.0'
+  end
+end

data/lib/omniauth/strategies/line.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    class Line < OmniAuth::Strategies::OAuth2
+      DEFAULT_SCOPE = 'profile openid email'
+      ID_TOKEN_VERIFY_URL = 'https://api.line.me/oauth2/v2.1/verify'
+
+      option :name, 'line'
+      option :client_options, {
+        site: 'https://access.line.me',
+        authorize_url: '/oauth2/v2.1/authorize',
+        token_url: 'https://api.line.me/oauth2/v2.1/token'
+      }
+      option :authorize_options, [:scope, :state, :nonce, :prompt, :bot_prompt]
+      option :scope, DEFAULT_SCOPE
+
+      uid { id_token_info[:decoded]['sub'] }
+
+      info do
+        prune!({
+          name: id_token_info[:decoded]['name'],
+          nickname: id_token_info[:decoded]['sub'],
+          image: id_token_info[:decoded]['picture'],
+          email: id_token_info[:decoded]['email']
+        })
+      end
+
+      extra do
+        hash = {}
+        hash[:id_token] = id_token_info[:raw] if id_token_info[:raw]
+        hash[:id_info] = id_token_info[:decoded] if id_token_info[:decoded]
+        prune!(hash)
+      end
+
+      credentials do
+        hash = { token: access_token.token }
+        hash[:expires] = access_token.expires?
+        hash[:expires_at] = access_token.expires_at if access_token.expires?
+        hash[:refresh_token] = access_token.refresh_token if access_token.refresh_token
+        hash
+      end
+
+      def callback_url
+        options[:redirect_uri] || (full_host + callback_path)
+      end
+
+      def authorize_params # rubocop:disable Metrics/AbcSize
+        super.tap do |params|
+          options[:authorize_options].each do |key|
+            params[key] = request.params[key.to_s] unless empty?(request.params[key.to_s])
+          end
+          params[:scope] ||= DEFAULT_SCOPE
+          params[:nonce] ||= SecureRandom.hex(24)
+          params[:response_type] = 'code'
+          session['omniauth.state'] = params[:state] unless empty?(params[:state])
+          session['omniauth.nonce'] = params[:nonce] unless empty?(params[:nonce])
+        end
+      end
+
+      private
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          empty?(value)
+        end
+      end
+
+      def empty?(value)
+        value.nil? || (value.respond_to?(:empty?) && value.empty?)
+      end
+
+      def id_token_info
+        return @id_token_info if defined?(@id_token_info)
+
+        @id_token_info = { raw: nil, decoded: nil }
+        return @id_token_info unless access_token.params['id_token']
+
+        @id_token_info[:raw] = access_token.params['id_token']
+        @id_token_info[:decoded] = verify_and_decode_id_token(access_token.params['id_token'])
+        @id_token_info
+      end
+
+      def verify_and_decode_id_token(id_token)
+        params = {
+          id_token: id_token,
+          client_id: options.client_id
+        }
+        params[:nonce] = session.delete('omniauth.nonce') if session['omniauth.nonce']
+
+        response = client.request(
+          :post,
+          ID_TOKEN_VERIFY_URL,
+          headers: {
+            'Content-Type' => 'application/x-www-form-urlencoded'
+          },
+          body: URI.encode_www_form(params)
+        ).parsed
+
+        fail!(:id_token_verification_failed, CallbackError.new(:id_token_verification_failed, response['error_description'])) if response['error']
+
+        response
+      rescue StandardError => e
+        fail!(:id_token_verification_failed, e)
+      end
+    end
+  end
+end

data/lib/omniauth-line-v2.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require 'omniauth/line_v2/version'
+require 'omniauth/strategies/line'

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-line-v2
+version: !ruby/object:Gem::Version
+  version: 2.0.0
+platform: ruby
+authors:
+- Masahiro
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+description: LINE strategy for OmniAuth
+email:
+- watanabe@cadenza-tech.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-line-v2.rb
+- lib/omniauth/line_v2/version.rb
+- lib/omniauth/strategies/line.rb
+homepage: https://github.com/cadenza-tech/omniauth-line-v2/tree/v2.0.0
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/cadenza-tech/omniauth-line-v2/tree/v2.0.0
+  source_code_uri: https://github.com/cadenza-tech/omniauth-line-v2/tree/v2.0.0
+  changelog_uri: https://github.com/cadenza-tech/omniauth-line-v2/blob/v2.0.0/CHANGELOG.md
+  bug_tracker_uri: https://github.com/cadenza-tech/omniauth-line-v2/issues
+  documentation_uri: https://rubydoc.info/gems/omniauth-line-v2/2.0.0
+  funding_uri: https://patreon.com/CadenzaTech
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: LINE strategy for OmniAuth
+test_files: []