feat: add support for Line v2.1 OIDC provider (#4240)

Jack-R-Hong · aeneasr · alnr · web-flow · commit 729effd61e4b · 2025-05-14T14:38:36.000+02:00
For OIDC Line Login, you only need to add id_token_key_type=JWK in the exchange step to issue tokens in ES256 format. #1116 --------- Co-authored-by: hackerman <3372410+aeneasr@users.noreply.github.com> Co-authored-by: Arne Luenser <arne.luenser@ory.sh>
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
@@ -510,6 +510,7 @@
             "netid",
             "dingtalk",
             "patreon",
+            "line",
             "linkedin",
             "linkedin_v2",
             "lark",
diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
@@ -186,6 +186,7 @@ var supportedProviders = map[string]func(config *Configuration, reg Dependencies
 	"patreon":     NewProviderPatreon,
 	"lark":        NewProviderLark,
 	"x":           NewProviderX,
+	"line":        NewProviderLineV21,
 	"jackson":     NewProviderJackson,
 	"fedcm-test":  NewProviderTestFedcm,
 }
diff --git a/selfservice/strategy/oidc/provider_line_2_1.go b/selfservice/strategy/oidc/provider_line_2_1.go
@@ -0,0 +1,41 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package oidc
+
+import (
+	"context"
+
+	"golang.org/x/oauth2"
+)
+
+type ProviderLineV21 struct {
+	*ProviderGenericOIDC
+}
+
+func NewProviderLineV21(
+	config *Configuration,
+	reg Dependencies,
+) Provider {
+	return &ProviderLineV21{
+		&ProviderGenericOIDC{
+			config: config,
+			reg:    reg,
+		},
+	}
+}
+
+func (g *ProviderLineV21) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	o, err := g.ProviderGenericOIDC.OAuth2(ctx)
+
+	if err != nil {
+		return nil, err
+	}
+	// Line login requires adding id_token_key_type=JWK when getting the token in order to issue an HS256 token.
+	opts = append(opts, oauth2.SetAuthURLParam("id_token_key_type", "JWK"))
+
+	token, err := o.Exchange(ctx, code, opts...)
+
+	return token, err
+
+}
diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go
@@ -86,6 +86,7 @@ func TestProviderPrivateIP(t *testing.T) {
 		// Yandex uses a fixed token URL and does not use the issuer.
 		// NetID uses a fixed token URL and does not use the issuer.
 		// X uses a fixed token URL and userinfoRL and does not use the issuer value.
+		// Line v2.1 uses a fixed token URL and does not use the issuer.
 	} {
 		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
 			p := tc.p(tc.c)

Original file line number	Diff line number	Diff line change
`@@ -186,6 +186,7 @@ var supportedProviders = map[string]func(config *Configuration, reg Dependencies`
`186`	`186`	`"patreon": NewProviderPatreon,`
`187`	`187`	`"lark": NewProviderLark,`
`188`	`188`	`"x": NewProviderX,`
	`189`	`+ "line": NewProviderLineV21,`
`189`	`190`	`"jackson": NewProviderJackson,`
`190`	`191`	`"fedcm-test": NewProviderTestFedcm,`
`191`	`192`	`}`