Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Best Practices and What’s New with LINE SDK

Best Practices and What’s New with LINE SDK

Eebedc2ee7ff95ffb9d9102c6d4a065c?s=128

LINE DevDay 2020

November 26, 2020
Tweet

Transcript

  1. None
  2. Agenda › Introduction › What’s New in LINE SDK ›

    Best Practices
  3. What is LINE SDK? Provides a modern way of implementing

    LINE Login and LINE APIs on mobile platforms.
  4. Easy login for users LINE Login Talk to LINE service

    LINE APIs Simplify your work Built-in UI
  5. Versions We are keeping to deliver high quality SDKs to

    help your development, on multiple platforms. 2020 2019.02 LINE SDK for Unity 2017.04 LINE SDK v4 2019.07 LINE SDK for Flutter 2018.11 LINE SDK v5 Open Source 2014.02 LINE SDK v3
  6. › Get authorization in a trustable way › Create your

    users system based on their LINE accounts › Get permissions (access token) to use other LINE APIs LINE Login For more, visit LINE Developers Console: https://developers.line.biz/
  7. What’s New in LINE SDK

  8. One-Time Sharing

  9. One-Time Sharing Sending messages to LINE app New Messages

  10. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions
  11. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions › ONETIME_SHARE feature license in your Channel Requirement: › onetime.share permission from user in your app
  12. LoginManager.shared.login( permissions: [.profile, .oneTimeShare], // … )

  13. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions LINE SDK provides a beautiful interface to create messages. › Text › Image › Video › Audio › Location › Template › Flexible
  14. Text Message Template Message Flexible Message Message Types Some Examples

    Compatible with Swift (Swift an the Swift lo o a e t a ema of pple n
  15. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions
  16. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Built-in friends/groups picker
  17. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Built-in friends/groups picker › Just one line code, easy to use
  18. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Built-in friends/groups picker › Just one line code, easy to use › A universal user experience
  19. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Built-in friends/groups picker › Just one line code, easy to use › A universal user experience › Customizable (tint color, text color)
  20. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Built-in friends/groups picker › Just one line code, easy to use › A universal user experience › Customizable (tint color, text color)
  21. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Built-in friends/groups picker › Just one line code, easy to use › A universal user experience › Customizable (tint color, text color) It is also possible if you want to create the UI from scratch yourself.
  22. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Nothing to worry about if using built-in picker
  23. Workflow One-Time Sharing One-Time Sharing Create a Message Choose Destination

    Send the Message Get Permissions Nothing to worry about if using built-in picker If you are building UI yourself… › Issue a one-time sharing token based on user action. › Call message sending API with that token immediately.
  24. One-Time Sharing Summary

  25. One-Time Sharing Summary Sending messages from your app to LINE

  26. One-Time Sharing Summary Sending messages from your app to LINE

    Feature license and permission is required
  27. One-Time Sharing Summary Sending messages from your app to LINE

    Feature license and permission is required Delightful & powerful message APIs
  28. One-Time Sharing Summary Sending messages from your app to LINE

    Feature license and permission is required Delightful & powerful message APIs Built-in & customizable UI
  29. LINE OpenChat A talk room for common interests and topics

    Started from 2019.08 Make a group without the friend relationship
  30. OpenChat Support Create and Join New OpenChat Room

  31. Feature License & Permission OpenChat Support Feature License (Channel) Permission

    (Client) OPENCHAT_TERM_AGREEMENT_STATUS openchat.term.agreement.status OPENCHAT_INFO openchat.info OPENCHAT_CREATE_AND_JOIN openchat.create.join
  32. Workflow OpenChat Support

  33. Workflow OpenChat Support Create a room

  34. Workflow OpenChat Support Create a room Collect info.

  35. Creating a Room OpenChat Support Room Name Description Category

  36. Workflow OpenChat Support Create a room Collect info.

  37. Workflow OpenChat Support Room info.

  38. Workflow OpenChat Support Room info. Room ID, URL

  39. Workflow OpenChat Support Room ID, URL

  40. Workflow OpenChat Support URL

  41. OpenChat Support Summary

  42. OpenChat Support Summary Creating and joining an OpenChat room

  43. OpenChat Support Summary Creating and joining an OpenChat room Feature

    license and permission is required
  44. OpenChat Support Summary Creating and joining an OpenChat room Feature

    license and permission is required Increasing customer stickiness
  45. OpenChat Support Summary Creating and joining an OpenChat room Feature

    license and permission is required Increasing customer stickiness Built-in & customizable UI
  46. Other Changes UI Locales support Localization for Web Login New

    refreshing model Refreshable Refresh Token PKCE Support Better OAuth Compatibility
  47. Localization for Web Login UI Locales Support New

  48. Localization for Web Login UI Locales Support New

  49. Better OAuth Compatibility PKCE Support New Identify user when exchanging

    access token when login
  50. Better OAuth Compatibility PKCE Support New Before One Time Password

    (OTP) challenge Identify user when exchanging access token when login
  51. Better OAuth Compatibility PKCE Support New Before One Time Password

    (OTP) challenge RFC 7637 Now Proof Key for Code Exchange (PKCE) Identify user when exchanging access token when login
  52. Better OAuth Compatibility PKCE Support New Same security level Full

    OAuth 2.0 Compatibility
  53. Better OAuth Compatibility PKCE Support New Same security level Full

    OAuth 2.0 Compatibility
  54. Tokens in LINE SDK Access Token Refresh Token

  55. Refresh Token Default refreshing model Valid Days 0 30 60

    90 120 Access Token Refresh Token
  56. Refresh Token Default refreshing model Valid Days 0 30 60

    90 120 Access Token Refresh Token
  57. Refresh Token Default refreshing model Valid Days 0 30 60

    90 120 Access Token Refresh Token
  58. Refresh Token Default refreshing model Valid Days 0 30 60

    90 120 Access Token Refresh Token
  59. Refresh Token Default refreshing model Valid Days 0 30 60

    90 120 Access Token Refresh Token New authorization required
  60. Refreshable Refresh Token The new opt-in refreshable model Valid Days

    0 30 60 90 120 Access Token Refresh Token New
  61. Refreshable Refresh Token The new opt-in refreshable model Valid Days

    0 30 60 90 120 Access Token Refresh Token New
  62. Refreshable Refresh Token The new opt-in refreshable model Valid Days

    0 30 60 90 120 Access Token Refresh Token New
  63. Refreshable Refresh Token The new opt-in refreshable model Valid Days

    0 30 60 90 120 Access Token Refresh Token New
  64. Refreshable Refresh Token The new opt-in refreshable model Valid Days

    0 30 60 90 120 Access Token Refresh Token New
  65. Refreshable Refresh Token The new opt-in refreshable model Valid Days

    0 30 60 90 120 Access Token Refresh Token New
  66. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120
  67. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model
  68. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model › Default for all channels
  69. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model › Default for all channels › For general use cases
  70. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model › Default for all channels › For general use cases › Existing implementation not affected
  71. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model Refreshable Model › Default for all channels › For general use cases › Existing implementation not affected
  72. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model Refreshable Model › Default for all channels › For general use cases › Existing implementation not affected › Require special feature license
  73. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model Refreshable Model › Default for all channels › For general use cases › Existing implementation not affected › Require special feature license › For frequency users and situations
  74. Choose Refresh Model 0 30 60 90 120 0 30

    60 90 120 Default Model Refreshable Model › Default for all channels › For general use cases › Existing implementation not affected › Require special feature license › For frequency users and situations › LINE SDK upgrade not needed
  75. Best Practices

  76. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App
  77. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App Login
  78. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App Login User ID, name access token
  79. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App Login User ID, name access token User ID, name
  80. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App Login User ID, name access token User ID, name
  81. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App Login User ID, name access token
  82. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App Login User ID, name access token access token
  83. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App access token
  84. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App access token LINE Server
  85. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App access token LINE Server /profile API
  86. Do not trust client Your server should not trust unsigned

    information from Client Your Server LINE SDK Your App access token LINE Server /profile API User ID, name
  87. Prefer Using ID Token If you only need to identify

    user instead of using other LINE APIs
  88. Prefer Using ID Token If you only need to identify

    user instead of using other LINE APIs Your Server LINE SDK Your App LINE Server Login
  89. Prefer Using ID Token If you only need to identify

    user instead of using other LINE APIs Your Server LINE SDK Your App LINE Server Login req: ID Token
  90. Prefer Using ID Token If you only need to identify

    user instead of using other LINE APIs Your Server LINE SDK Your App LINE Server Login ID Token req: ID Token
  91. Prefer Using ID Token If you only need to identify

    user instead of using other LINE APIs Your Server LINE SDK Your App LINE Server Login ID Token ID Token req: ID Token
  92. What is ID Token

  93. What is ID Token A JSON Web Token containing user

    information
  94. What is ID Token Safely signed with ECDSA A JSON

    Web Token containing user information
  95. What is ID Token Safely signed with ECDSA A JSON

    Web Token containing user information You need to verify it against LINE’s public key
  96. Verify the ID Token

  97. Verify the ID Token Your Server LINE SDK Your App

    ID Token LINE Server Login ID Token req: ID Token
  98. Verify the ID Token Your Server LINE SDK Your App

    ID Token LINE Server Login ID Token req: ID Token Verify on your server
  99. Verify the ID Token Your Server LINE SDK Your App

    ID Token LINE Server Login ID Token req: ID Token Verify against LINE /oauth2/v2.1/verify
  100. Verify the Login Creating a secure login process between your

    app and server Documentation Verify ID Token Verify Access Token https://developers.line.biz/en/docs/line-login/secure-login-process/#using-access-tokens-to-register-new-users https://developers.line.biz/en/reference/social-api/#verify-access-token https://developers.line.biz/en/reference/social-api/#verify-id-token Use ID Token in LINE SDK https://developers.line.biz/en/docs/line-login/integrate-line-login/#verify-id-token
  101. Prefer using Universal Link This prevents URL scheme hijacking

  102. URL Scheme for LINE SDK line3rdp.$(app_bundle_id)://

  103. URL Scheme for LINE SDK line3rdp.$(app_bundle_id)://

  104. Use Universal Link To skip the confirmation before returning, use

    Universal Link to provide a safe navigation 1. Set up “iOS universal link” in LINE Developers Console. 2. Set up the domain and link it to your app. 3. Initialize LINE SDK with universal link.
  105. Use Universal Link To skip the confirmation before returning, use

    Universal Link to provide a safe navigation Universal Links for Developers https://developer.apple.com/ios/universal-links/ 1. Set up “iOS universal link” in LINE Developers Console. 2. Set up the domain and link it to your app. 3. Initialize LINE SDK with universal link.
  106. Use Universal Link To skip the confirmation before returning, use

    Universal Link to provide a safe navigation let url = URL( string: "https://your-awesome-app.com/line-login" ) LoginManager.shared.setup( channelID: channelID, universalLinkURL: url ) 1. Set up “iOS universal link” in LINE Developers Console. 2. Set up the domain and link it to your app. 3. Initialize LINE SDK with universal link.
  107. Use Universal Link To skip the confirmation before returning, use

    Universal Link to provide a safe navigation https://developers.line.biz/en/docs/ios-sdk/swift/universal-links-support/ Using universal links Documentation 1. Set up “iOS universal link” in LINE Developers Console. 2. Set up the domain and link it to your app. 3. Initialize LINE SDK with universal link.
  108. Do Not Refresh Token on Your Server

  109. Do Not Refresh Token on Your Server Your Server LINE

    SDK Your App Access Token Refresh Token LINE Server Login Access Token Refresh Token Refresh Token
  110. Do Not Refresh Token on Your Server Your Server LINE

    SDK Your App Access Token Refresh Token LINE Server Login Access Token Refresh Token Refresh Token
  111. Do Not Refresh Token on Your Server Your Server LINE

    SDK Your App Access Token Refresh Token LINE Server Login Access Token
  112. Do Not Refresh Token on Your Server Your Server LINE

    SDK Your App Access Token Refresh Token LINE Server Login Access Token Refresh Token
  113. Do Not Refresh Token on Your Server Your Server LINE

    SDK Your App Access Token Refresh Token LINE Server Login Access Token Refresh Token Access Token
  114. Recommended Way to Refresh

  115. Recommended Way to Refresh Do Nothing

  116. Recommended Way to Refresh Just leave it to LINE SDK

    Do Nothing
  117. Auto Refreshing Just leave it to LINE SDK

  118. Auto Refreshing Just leave it to LINE SDK All public

    API calls refresh the access token when necessary
  119. Auto Refreshing Just leave it to LINE SDK All public

    API calls refresh the access token when necessary Your app can get a notification when the token refreshed
  120. Auto Refreshing Just leave it to LINE SDK All public

    API calls refresh the access token when necessary Your app can get a notification when the token refreshed An error happens when the refresh token also expires
  121. Auto Refreshing Just leave it to LINE SDK Do not

    try to refresh the token yourself. (Although it is not forbidden.)
  122. Conclusions

  123. Safety & Privacy No client tracking, no server-controlled behavior.

  124. First-Class Project What we are providing, is what we are

    using.
  125. Check it under https://github.com/line LINE SDK is Open Source Software

  126. Add LINE SDK to your app Become business partner Register

    as a LINE developer https://developers.line.biz/ https://developers.line.biz/en/docs/ https://www.linebiz.com/jp/contact/
  127. Thank you!