參考資訊
- Integrating LINE Login with your web app | LINE Developers
- LINE Login v2.1 API reference | LINE Developers
--
流程一:到開發者後台建立 LINE 登入的 App channel
- 登入 LINE Developers
- 建立或選擇 Provider
- 點選「Create new channel」 → 選擇「LINE Login」 → 填寫資料
- 切換「App settings」分頁,輸入 Callback URL 必須是 https://
--
流程二:使用程式取得登入後的 LINE 使用者 id
步驟
- 使用 https://access.line.me/oauth2/v2.1/authorize 取得 code,取得的方式是後台設定的 Callback URL
- 將取得的 code 丟給 https://api.line.me/oauth2/v2.1/token 來換 access_token
- 將 access_token 丟給 https://api.line.me/v2/profile 來取得使用者資料
範例:
發送以下網址
1 |
https://access.line.me/oauth2/v2.1/authorize?response_type=code&client_id=2009999994&redirect_uri=https://upad12.com/LineLoginCallback&state=xxxxxxx&scope=profile%20openid |
順利的話在後台設定的 Callback URL 就會得到類似
1 |
https://upad12.com/LineLoginCallback?code=r2ySgfyxxxxxxwArlEL&state=xxxxxxx |
自己寫程式去撈 code 變數,將 code 丟給 token
1 |
curl -X POST https://api.line.me/oauth2/v2.1/token -H 'Content-Type: application/x-www-form-urlencoded' -d 'grant_type=authorization_code' -d 'code=r2ySgfyxxxxxxwArlEL' -d 'redirect_uri=https://upad12.com/LineLoginCallback' -d 'client_id=2009999994' -d 'client_secret=3c3208e66666666666edc1211c0051b6' |
順利的話可以得到類似
1 |
{"access_token":"eyJhbGciOiJIUzI1NiJ9.GBSwhR_IGb9-jbzZni8ixxxxxxxxxHPHAU_pw3R4U07ITuI_HGOjjy4gAzJIxxxxxxxESciryN6G3sI_dPawXUC0uM9e8wBTs6xEKxw-4P1x22ibNmKG5OuCLcM2INgQAk5tuLwhrK5ZkxWPI.G2pC3NbgGPkE21cxgUhSxiry936a29zFJnA1KEQj3xA","token_type":"Bearer","refresh_token":"07tPqcV5CND6YGq","expires_in":2592000,"scope":"profile openid","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2FjY2Vzcy5saW5lLm1lIiwic3ViIjoiVTA1YzVlZDNkNGRlYTljNDI5Y2MyMzBjMGM2M2E5NzZmIiwiYXVkIjoiMjAwNTYxMTc5NCIsImV4cCI6MTcxONzE4MjY3NzUzLCJhbXIiOlsibGluZXNzbyJdLCJuYW1lIjoiaG95byDmqILlkpbpu5EiLCJwaWN0dXJlIjoiaHR0cHM6Ly9wcm9maWxlLmxpbmUtc2Nkbi5uZXQvMGg1ZmJPVWRMb2FrbGZObm9OM0hBVkhtTKeWxrWmk1NkFINGFNd04zTG5walppdDBEeW9hWmxRaEtpOHhOWHgyIn0.ZYFgZ98T-cNHTRN2Flqhc_LiVQ3x_j33_f0UEDRMK4k"} |
最後把 access_token 丟到 profile 取得登入使用者資料
1 |
curl -v -X GET https://api.line.me/v2/profile -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.GBSwhR_IGb9-jbzZni8ixxxxxxxxxHPHAU_pw3R4U07ITuI_HGOjjy4gAzJIxxxxxxxESciryN6G3sI_dPawXUC0uM9e8wBTs6xEKxw-4P1x22ibNmKG5OuCLcM2INgQAk5tuLwhrK5ZkxWPI.G2pC3NbgGPkE21cxgUhSxiry936a29zFJnA1KEQj3xA' |
就可以得到
1 |
{"userId":"U05c5ed3d4xxxxxxxx30c0c63a976f","displayName":"hoyo 樂咖黑","pictureUrl":"https://profile.line-scdn.net/0h5fbO2gqxaklPNnoN3HAUNj9maSNsRzNbYwUxxxxxxxxxxxxxxx1Qgen03MX1DJR0vUWCWfUgGN3hzAiofY1Ytqg"} |
--
https://access.line.me/oauth2/v2.1/authorize?
?後面接上參數,說明如下
參數 | 類型 | 必填? | 描述 |
---|---|---|---|
response_type |
字串 | 必填 | code |
client_id |
字串 | 必填 | LINE登錄頻道ID。您可以在LINE開發者控制台中找到它。 |
redirect_uri |
字串 | 必填 | 在LINE開發者控制台上註冊的回調URL的URL編碼字串。您可以新增任何查詢參數。 |
state |
字串 | 必填 | 用於防止的唯一字母數位字串跨站請求偽造 (開啟新視窗).Web 應用應為每個登錄會話生成一個隨機值。這不能是 URL 編碼的字串。 |
scope |
字串 | 必填 | 從使用者請求的許可權。有關詳細資訊,請參閱作用域。 |
如果需要傳遞額外的參數,就附加在 redirect_uri 上,例如要和帳號綁定 LINE 帳號需要 user_id,那就可以在網址後面加上 ?user_id=xxxx 這樣傳遞,不過後面 token 的 redirect_uri 也要相同
scope 說明
Scope | Profile information |
ID token (including user ID) |
Display name in ID token |
Profile image URL in ID token |
Email address in ID token |
---|---|---|---|---|---|
profile |
✓ | - | - | - | - |
profile%20openid |
✓ | ✓ | ✓ | ✓ | - |
profile%20openid%20email |
✓ | ✓ | ✓ | ✓ | ✓ (see note) |
openid |
- | ✓ | - | - | - |
openid%20email |
- | ✓ | - | - | ✓ (see note) |
登入開始需要用程式來處理一些參數,例如 state ,當然固定值也可以
如果 redirect_uri 有特殊字元 ? & 就需要使用 urlencode() 來編碼
1 |
<a href="https://access.line.me/oauth2/v2.1/authorize?response_type=code&client_id=2005611794&redirect_uri=https%3A%2F%2Fupad12.com%2FLineLoginCallback%3Faction%3Dbind&state=666be51e8c72c&scope=profile%20openid">進行綁定</a> |
--
https://api.line.me/oauth2/v2.1/token
grant_type | authorization_code |
code | 從 LINE 平台收到的授權碼 |
redirect_uri | 與授權請求redirect_uri中指定的值相同。 |
client_id | 在LINE 開發者控制台中找到。 |
client_secret | 在LINE 開發者控制台中找到。 |
PHP 程式範例
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$post = [ 'grant_type' => 'authorization_code', 'code' => $_GET['code'], 'redirect_uri' => call_back_url, 'client_id' => client_id, 'client_secret' => client_secret, ]; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://api.line.me/oauth2/v2.1/token'); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = json_decode(curl_exec($ch), true); curl_close($ch); |
--
https://api.line.me/v2/profile
PHP 程式範例
1 2 3 4 5 6 |
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://api.line.me/v2/profile'); curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: Bearer '. $response['access_token']]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = json_decode(curl_exec($ch), true); curl_close($ch); |
--
PHP curl 完整程式範例
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<?php define("call_back_url", 'https://upad12.com/LineLoginCallback'); define("client_id", '2009999994'); define("client_secret", '3c3208e66666666666edc1211c0051b6'); if ($_GET['code'] != '') { $post = [ 'grant_type' => 'authorization_code', 'code' => $_GET['code'], 'redirect_uri' => call_back_url, 'client_id' => client_id, 'client_secret' => client_secret, ]; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://api.line.me/oauth2/v2.1/token'); //curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded')); curl_setopt($ch, CURLINFO_HEADER_OUT, true); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = json_decode(curl_exec($ch), true); $info = curl_getinfo($ch); curl_close($ch); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://api.line.me/v2/profile'); curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization: Bearer '. $response['access_token']]); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $response = json_decode(curl_exec($ch), true); curl_close($ch); } |
--
680 total views, 1 views today