Add an option to set custom token nonce

onevdog · onevdog · commit fd1034767ac9 · 2021-10-27T11:15:42.000+09:00
diff --git a/ios/Classes/SwiftFlutterLineSdkPlugin.swift b/ios/Classes/SwiftFlutterLineSdkPlugin.swift
@@ -130,23 +130,23 @@ extension LineChannelMethod {
     }
 
     let scopes = (args["scopes"] as? [String])?.map { LoginPermission(rawValue: $0) } ?? [.profile]
-    let onlyWebLogin = (args["onlyWebLogin"] as? Bool) ?? false
-
-    var options: LoginManagerOptions = []
-    if onlyWebLogin { options = .onlyWebLogin }
-
+    
+    var parameters = LoginManager.Parameters()
+    parameters.onlyWebLogin = (args["onlyWebLogin"] as? Bool) ?? false
+    parameters.IDTokenNonce = args["idTokenNonce"] as? String
+      
     if let botPrompt = args["botPrompt"] as? String {
       switch botPrompt {
-      case "aggressive": options.insert(.botPromptAggressive)
-      case "normal": options.insert(.botPromptNormal)
+      case "aggressive": parameters.botPromptStyle = .aggressive
+      case "normal": parameters.botPromptStyle = .normal
       default: break
       }
     }
 
     LoginManager.shared.login(
       permissions: Set(scopes),
       in: nil,
-      options: options) { r in
+      parameters: parameters) { r in
         switch r {
         case .success(let value): result(value.json)
         case .failure(let error): result(error.flutterError)
@@ -173,7 +173,7 @@ extension LineChannelMethod {
   }
 
   func refreshToken(arguments: [String: Any]?, result: @escaping FlutterResult) {
-    API.refreshAccessToken { r in
+    API.Auth.refreshAccessToken { r in
       switch r {
       case .success(let value): result(value.json)
       case .failure(let error): result(error.flutterError)
@@ -182,7 +182,7 @@ extension LineChannelMethod {
   }
 
   func verifyAccessToken(arguments: [String: Any]?, result: @escaping FlutterResult) {
-    API.verifyAccessToken { r in
+    API.Auth.verifyAccessToken { r in
       switch r {
       case .success(let value): result(value.json)
       case .failure(let error): result(error.flutterError)
diff --git a/lib/src/line_sdk.dart b/lib/src/line_sdk.dart
@@ -100,7 +100,8 @@ class LineSDK {
       'loginRequestCode': option?.requestCode,
       'scopes': scopes,
       'onlyWebLogin': option?.onlyWebLogin,
-      'botPrompt': option?.botPrompt
+      'botPrompt': option?.botPrompt,
+      'idTokenNonce': option?.idTokenNonce,
     }).then((value) => LoginResult._(_decodeJson(value)));
   }
 
diff --git a/lib/src/model/login_option.dart b/lib/src/model/login_option.dart
@@ -42,6 +42,12 @@ class LoginOption {
   /// Request code that LINE login activity will be called with.
   int requestCode;
 
+  /// Sets the nonce value for ID token verification. This value is used when requesting user authorization
+  /// with `.openID` permission to prevent replay attacks to your backend server. If not set, LINE SDK will
+  /// generate a random value as the token nonce. Whether set or not, LINE SDK verifies against the nonce value
+  /// in received ID token locally.
+  String? idTokenNonce;
+
   LoginOption(this.onlyWebLogin, this.botPrompt,
       {this.requestCode = DEFAULT_ACTIVITY_RESULT_REQUEST_CODE});
 }

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,8 @@ class LineSDK {`
`100`	`100`	`'loginRequestCode': option?.requestCode,`
`101`	`101`	`'scopes': scopes,`
`102`	`102`	`'onlyWebLogin': option?.onlyWebLogin,`
`103`		`- 'botPrompt': option?.botPrompt`
	`103`	`+ 'botPrompt': option?.botPrompt,`
	`104`	`+ 'idTokenNonce': option?.idTokenNonce,`
`104`	`105`	`}).then((value) => LoginResult._(_decodeJson(value)));`
`105`	`106`	`}`
`106`	`107`