diff --git a/embedx/config.schema.json b/embedx/config.schema.json
index 5fcf826f4c2a..0b3c198f265b 100644
--- a/embedx/config.schema.json
+++ b/embedx/config.schema.json
@@ -460,7 +460,8 @@
 "linkedin",
 "linkedin_v2",
 "lark",
- "x"
+ "x",
+ "line"
 ],
 "examples": ["google"]
 },
diff --git a/selfservice/strategy/oidc/provider_config.go b/selfservice/strategy/oidc/provider_config.go
index 92b16fdf5f42..98a5e31726fc 100644
--- a/selfservice/strategy/oidc/provider_config.go
+++ b/selfservice/strategy/oidc/provider_config.go
@@ -177,6 +177,7 @@ var supportedProviders = map[string]func(config *Configuration, reg Dependencies
 "patreon": NewProviderPatreon,
 "lark": NewProviderLark,
 "x": NewProviderX,
+ "line": NewProviderLineV21,
 "jackson": NewProviderJackson,
 }
diff --git a/selfservice/strategy/oidc/provider_line_2_1.go b/selfservice/strategy/oidc/provider_line_2_1.go
new file mode 100644
index 000000000000..777ce678b1b1
--- /dev/null
+++ b/selfservice/strategy/oidc/provider_line_2_1.go
@@ -0,0 +1,41 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package oidc
+
+import (
+ "context"
+
+ "golang.org/x/oauth2"
+)
+
+type ProviderLineV21 struct {
+ *ProviderGenericOIDC
+}
+
+func NewProviderLineV21(
+ config *Configuration,
+ reg Dependencies,
+) Provider {
+ return &ProviderLineV21{
+ &ProviderGenericOIDC{
+ config: config,
+ reg: reg,
+ },
+ }
+}
+
+func (g *ProviderLineV21) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+ o, err := g.ProviderGenericOIDC.OAuth2(ctx)
+
+ if err != nil {
+ return nil, err
+ }
+ // Line login requires adding id_token_key_type=JWK when getting the token in order to issue an HS256 token.
+ opts = append(opts, oauth2.SetAuthURLParam("id_token_key_type", "JWK"))
+
+ token, err := o.Exchange(ctx, code, opts...)
+
+ return token, err
+
+}
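Review bot: The comment above `oauth2.SetAuthURLParam("id_token_key_type", "JWK")` in `Exchange` says the parameter is sent "in order to issue an HS256 token", which reads inverted. HS256 is a symmetric MAC keyed with a shared secret, while a JWK key type suggests a token signed with an asymmetric key that the embedded generic OIDC verifier can check against the provider's published key set. Because this one parameter decides which signature scheme the ID token is verified under, the comment should state the real reason, presumably something like `// LINE signs ID tokens with HS256 unless id_token_key_type=JWK is sent; request a JWK-signed token so it can be verified against the published keys.`, to be confirmed against LINE's documentation. The exported `ProviderLineV21` and `NewProviderLineV21` also lack doc comments, and the tail of `Exchange` can simply be `return o.Exchange(ctx, code, opts...)`.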
diff --git a/selfservice/strategy/oidc/provider_private_net_test.go b/selfservice/strategy/oidc/provider_private_net_test.go
index 0505a3e19626..33e26bd14b54 100644
--- a/selfservice/strategy/oidc/provider_private_net_test.go
+++ b/selfservice/strategy/oidc/provider_private_net_test.go
@@ -86,6 +86,7 @@ func TestProviderPrivateIP(t *testing.T) {
 // Yandex uses a fixed token URL and does not use the issuer.
 // NetID uses a fixed token URL and does not use the issuer.
 // X uses a fixed token URL and userinfoRL and does not use the issuer value.
+ // Line v2.1 uses a fixed token URL and does not use the issuer.
 } {
 t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
 p := tc.p(tc.c)
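Review bot: The added comment exempts Line v2.1 from the private-IP table because it "uses a fixed token URL and does not use the issuer", but `provider_line_2_1.go` in this same commit defines no endpoint of its own. Its `Exchange` takes the OAuth2 config from `g.ProviderGenericOIDC.OAuth2(ctx)`. If the generic provider resolves its endpoints from the configured issuer (that code is not shown here), Line makes the same issuer-driven outbound requests as the generic case. This SSRF guard test should then cover it with a table entry rather than an exemption comment. The table and the body of `TestProviderPrivateIP` start and end outside the hunk, so a new entry has to follow the shape of the existing rows.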