omniauth-line-v2_1 0.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: cb969635fc2b09065bebf5373d123f43986a6730036a34329a2d53e6a64cae6e
+  data.tar.gz: b78c3a7a5d50a89d6ed15c533467d40c3588be0cf4c05799e957a36994b85ac4
+SHA512:
+  metadata.gz: beb775ade24ca083c3732d52a9b3428731d929ce6726170d23813f85f264e841059ed9db1a81de6a0fb963224c5015a4c7595b761bba8d5f427a150f6ace83df
+  data.tar.gz: e6d6e1548574c50864d9b49fc445222dda932c94933c9aa96f15803c7d067ce7e1ba7075daf12578c7bc84efb8b2cb5f150590ff730f31987317130d59727567

data/.rspec

@@ -0,0 +1,3 @@
+--require spec_helper
+--color
+--format documentation

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## [0.0.0] - 2025-07-26
+
+- Initial release

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 Masahiro
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,150 @@
+# OmniauthLineV2.1
+
+[![License](https://img.shields.io/github/license/cadenza-tech/omniauth-line-v2_1?label=License&labelColor=343B42&color=blue)](https://github.com/cadenza-tech/omniauth-line-v2_1/blob/main/LICENSE.txt) [![Tag](https://img.shields.io/github/tag/cadenza-tech/omniauth-line-v2_1?label=Tag&logo=github&labelColor=343B42&color=2EBC4F)](https://github.com/cadenza-tech/omniauth-line-v2_1/blob/main/CHANGELOG.md) [![Release](https://github.com/cadenza-tech/omniauth-line-v2_1/actions/workflows/release.yml/badge.svg)](https://github.com/cadenza-tech/omniauth-line-v2_1/actions?query=workflow%3Arelease) [![Test](https://github.com/cadenza-tech/omniauth-line-v2_1/actions/workflows/test.yml/badge.svg)](https://github.com/cadenza-tech/omniauth-line-v2_1/actions?query=workflow%3Atest) [![Lint](https://github.com/cadenza-tech/omniauth-line-v2_1/actions/workflows/lint.yml/badge.svg)](https://github.com/cadenza-tech/omniauth-line-v2_1/actions?query=workflow%3Alint)
+
+LINE Login v2.1 strategy for OmniAuth.
+
+- [Installation](#installation)
+- [Usage](#usage)
+  - [Rails Configuration with Devise](#rails-configuration-with-devise)
+  - [Configuration Options](#configuration-options)
+  - [Auth Hash](#auth-hash)
+- [Changelog](#changelog)
+- [Contributing](#contributing)
+- [License](#license)
+- [Code of Conduct](#code-of-conduct)
+- [Sponsor](#sponsor)
+
+## Installation
+
+Install the gem and add to the application's Gemfile by executing:
+
+```bash
+bundle add omniauth-line-v2_1
+```
+
+If bundler is not being used to manage dependencies, install the gem by executing:
+
+```bash
+gem install omniauth-line-v2_1
+```
+
+## Usage
+
+### Rails Configuration with Devise
+
+Add the following to `config/initializers/devise.rb`:
+
+```ruby
+# config/initializers/devise.rb
+Devise.setup do |config|
+  config.omniauth :line_v2_1, ENV['LINE_CHANNEL_ID'], ENV['LINE_CHANNEL_SECRET']
+end
+```
+
+Add the OmniAuth callbacks routes to `config/routes.rb`:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
+end
+```
+
+Add the OmniAuth configuration to your Devise model:
+
+```ruby
+class User < ApplicationRecord
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable,
+         :omniauthable, omniauth_providers: [:line_v2_1]
+end
+```
+
+### Configuration Options
+
+You can configure several options:
+
+```ruby
+# config/initializers/devise.rb
+Devise.setup do |config|
+  config.omniauth :line_v2_1, ENV['LINE_CHANNEL_ID'], ENV['LINE_CHANNEL_SECRET'],
+    {
+      scope: 'profile openid', # Specify OAuth scopes
+      callback_path: '/custom/line_v2_1/callback', # Custom callback path
+      prompt: 'consent', # Optional: force consent screen
+      bot_prompt: 'aggressive' # Optional: LINE official account linking
+    }
+end
+```
+
+Available scopes:
+
+- `profile` - Access to user's display name and profile image
+- `openid` - Required for ID token (includes user identifier)
+- `email` - Access to user's email address
+
+### Auth Hash
+
+After successful authentication, the auth hash will be available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  provider: 'line_v2_1',
+  uid: 'U4af4980629...',
+  info: {
+    name: 'Taro Line',
+    nickname: 'U4af4980629...',
+    image: 'https://profile.line-scdn.net/...',
+    email: 'taro.line@example.com'
+  },
+  credentials: {
+    token: 'bNl4YEFPI/hjFWhTqexp4MuEw5YPs...',
+    expires: true,
+    expires_at: 1504169092,
+    refresh_token: 'Aa1FdeggRhTnPNNpxr8p'
+  },
+  extra: {
+    raw_info: {
+      sub: 'U4af4980629...',
+      name: 'Taro Line',
+      picture: 'https://profile.line-scdn.net/...',
+      email: 'taro.line@example.com'
+    },
+    id_token: 'eyJhbGciOiJIUzI1NiJ9...',
+    id_info: {
+      iss: 'https://access.line.me',
+      sub: 'U4af4980629...',
+      aud: '1234567890',
+      exp: 1504169092,
+      iat: 1504263657,
+      auth_time: 1504263657,
+      nonce: '0987654asdf',
+      amr: ['pwd'],
+      name: 'Taro Line',
+      picture: 'https://profile.line-scdn.net/...',
+      email: 'taro.line@example.com'
+    }
+  }
+}
+```
+
+## Changelog
+
+See [CHANGELOG.md](https://github.com/cadenza-tech/omniauth-line-v2_1/blob/main/CHANGELOG.md).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/cadenza-tech/omniauth-line-v2_1. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/cadenza-tech/omniauth-line-v2_1/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://github.com/cadenza-tech/omniauth-line-v2_1/blob/main/LICENSE.txt).
+
+## Code of Conduct
+
+Everyone interacting in the OmniauthLineV2.1 project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/cadenza-tech/omniauth-line-v2_1/blob/main/CODE_OF_CONDUCT.md).
+
+## Sponsor
+
+You can sponsor this project on [Patreon](https://patreon.com/CadenzaTech).

data/Rakefile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+RuboCop::RakeTask.new(:rubocop) do |task|
+  task.options = ['--format', ENV['RUBOCOP_FORMAT']] if ENV['RUBOCOP_FORMAT']
+end

data/lib/omniauth/line_v2_1/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module LineV21
+    VERSION = '0.0.0'
+  end
+end

data/lib/omniauth/strategies/line_v2_1.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    class LineV21 < OmniAuth::Strategies::OAuth2
+      DEFAULT_SCOPE = 'profile openid email'
+      USER_INFO_URL = 'https://api.line.me/oauth2/v2.1/userinfo'
+      ID_TOKEN_VERIFY_URL = 'https://api.line.me/oauth2/v2.1/verify'
+
+      option :name, 'line_v2_1'
+
+      option :client_options, {
+        site: 'https://access.line.me',
+        authorize_url: '/oauth2/v2.1/authorize',
+        token_url: 'https://api.line.me/oauth2/v2.1/token'
+      }
+
+      option :authorize_options, [:scope, :state, :nonce, :prompt, :bot_prompt]
+
+      option :scope, DEFAULT_SCOPE
+
+      uid { raw_info['sub'] }
+
+      info do
+        prune!({
+          name: raw_info['name'],
+          nickname: raw_info['sub'],
+          image: raw_info['picture'],
+          email: id_token_info[:decoded]['email']
+        })
+      end
+
+      extra do
+        hash = {}
+        hash[:raw_info] = raw_info unless skip_info?
+        hash[:id_token] = id_token_info[:raw] if id_token_info[:raw]
+        hash[:id_info] = id_token_info[:decoded] if id_token_info[:decoded]
+        prune!(hash)
+      end
+
+      credentials do
+        hash = { token: access_token.token }
+        hash[:expires] = access_token.expires?
+        hash[:expires_at] = access_token.expires_at if access_token.expires?
+        hash[:refresh_token] = access_token.refresh_token if access_token.refresh_token
+        hash
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get(USER_INFO_URL, headers: { 'Authorization' => "Bearer #{access_token.token}" }).parsed
+      end
+
+      def callback_url
+        options[:redirect_uri] || (full_host + callback_path)
+      end
+
+      def authorize_params
+        super.tap do |params|
+          %w[scope state nonce prompt bot_prompt].each do |v|
+            params[v.to_sym] = request.params[v] if request.params[v]
+          end
+          params[:scope] ||= DEFAULT_SCOPE
+          params[:response_type] = 'code'
+          session['omniauth.state'] = params[:state] if params[:state]
+          session['omniauth.nonce'] = params[:nonce] if params[:nonce]
+        end
+      end
+
+      private
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      def id_token_info
+        return @id_token_info if defined?(@id_token_info)
+
+        @id_token_info = { raw: nil, decoded: nil }
+        return @id_token_info unless access_token.params['id_token']
+
+        @id_token_info[:raw] = access_token.params['id_token']
+        @id_token_info[:decoded] = verify_id_token(access_token.params['id_token'])
+        @id_token_info
+      end
+
+      def verify_id_token(id_token)
+        params = {
+          id_token: id_token,
+          client_id: options.client_id
+        }
+        params[:nonce] = session['omniauth.nonce'] if session['omniauth.nonce']
+
+        client.request(
+          :post,
+          ID_TOKEN_VERIFY_URL,
+          headers: {
+            'Content-Type' => 'application/x-www-form-urlencoded'
+          },
+          body: URI.encode_www_form(params)
+        ).parsed
+      rescue StandardError => e
+        log :error, "ID token verification failed: #{e.message}"
+        nil
+      end
+    end
+  end
+end

data/lib/omniauth-line-v2_1.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require 'omniauth/line_v2_1/version'
+require 'omniauth/strategies/line_v2_1'

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-line-v2_1
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+platform: ruby
+authors:
+- Masahiro
+bindir: exe
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+description: LINE Login v2.1 strategy for OmniAuth
+email:
+- watanabe@cadenza-tech.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-line-v2_1.rb
+- lib/omniauth/line_v2_1/version.rb
+- lib/omniauth/strategies/line_v2_1.rb
+homepage: https://github.com/cadenza-tech/omniauth-line-v2_1/tree/v0.0.0
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/cadenza-tech/omniauth-line-v2_1/tree/v0.0.0
+  source_code_uri: https://github.com/cadenza-tech/omniauth-line-v2_1/tree/v0.0.0
+  changelog_uri: https://github.com/cadenza-tech/omniauth-line-v2_1/blob/v0.0.0/CHANGELOG.md
+  bug_tracker_uri: https://github.com/cadenza-tech/omniauth-line-v2_1/issues
+  documentation_uri: https://rubydoc.info/gems/omniauth-line-v2_1/0.0.0
+  funding_uri: https://patreon.com/CadenzaTech
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: LINE Login v2.1 strategy for OmniAuth
+test_files: []