Retrieving User Information by Using LINE Profile+

LINE, a social media provider used extensively in Japan and other parts of Asia, recently introduced a new type of developer account: Profile+. This new account type determines the user profile information you can retrieve when using LINE as a social login provider: the API response you get back following a user authentication can now vary depending on whether your LINE social login app was created with a Profile+ developer account or with a standard developer account.

Note. The Profile+ account type isn’t anything you can get on your own (i.e., by clicking a checkbox on a web page). Instead, you must go through an application process and then be approved by LINE before you can upgrade to a Profile+ account. Contact your LINE representative for more information.

Without Profile+, there are two scopes (available to developers creating social login apps for LINE:

Scope

User Profile Attributes Returned

email_address

  • email. The user’s email address.

profile

  • id. Unique identifier of the user account.
  • name. The user’s display name.
  • picture. URL that points to a picture of the user.

Not too surprisingly, these are the same scopes that, up until now, appear in the Identity Cloud’s Social Login dashboard:

To return a user’s email address or profile information you simply select the appropriate scope.

With Profile+, LINE has expanded the number of scopes available to developers; in turn, that expands the amount of user profile information that can be returned following a successful authentication. In addition to the email_address and profile scopes (which are still available), Profile+ provides access to the following:

Scope

User Profile Attributes Returned

real_name

  • given_name. The user’s first name.
  • middle_name. The user’s middle name or middle initial.
  • family_name. The user’s last name.

gender

  • gender. The user’s preferred gender.

birthdate

  • birthdate. The user’s date of birth. The birthdate is returned using the format Year-Month-Day; for example, the date December 19, 1989 looks like this:
    1989-12-19

phone

  • phone. The user’s phone number. Phone numbers are returned using the E.164 format, in which the phone number is prefaced by a plus sign (+) and a country code. For example, the US phone number 555-126-0344 looks like this:
    +15551260344
    That’s simply the phone number (555-126-0344) preceded by a plus sign and a 1, the country code for the US.

address

  • postal_code. The user’s ZIP/postal code.      
  • region. The user’s region, province, or state.
  • locality. The user’s city of residence.
  • street_address. The user’s complete street address (e.g., 3713 NE Main St).         
  • country. The user’s country of residence, specified by using a two-character ISO ALPHA-2 code. For example, Mexico is indicated by this code:
    MX

To accommodate these additional scopes the LINE configuration provider page in the Social Login dashboard has been updated to give you access to all the LINE scopes (the 5 new Profile+ scopes and the two “old” scopes, email and profile):

To return any of the Profile+ scopes just do what you’ve always done: select the scope (or scopes) you’d like to get back. For example, in the preceding screenshot, we’ve selected the two original scopes (email_address and profile) as well as two of the new Profile+ scopes: birthdate and gender. As long as we have a Profile+ account then, each time a user successfully completes social login by using LINE, we’ll get back the following information for that user:

  • Date of birth
  • Gender
  • Email address
  • Basic profile information

Just remember that the five new scopes (real_name, gender, birthdate, phone, address) are only returned if you have a Profile+ account. What if LINE your account hasn’t been enabled for Profile+? Well, you can still select any of the new scopes on the provider configuration page; nothing prevents you from doing that. However, the user profile information associated with those scopes won’t be returned: that’s because LINE ignores any scopes your developer account doesn’t have access to. Suppose you select the four scopes shown in the preceding screenshot, but you don’t have a Profile+ account. In that case the user will still be able to log on by using LINE. However, you’ll only get back the following non-Profile+ scopes:

  • Email address
  • Basic profile information

The only way to get back the actual user data associated with one of the new scopes is to create a LINE login app using an account that has the Profile+ permissions, Again, see your LINE representative for more information.


I Have a Profile+ Account: Can I Create a Custom Provider to Return These New Scopes?

For all practical purposes, no. Yes, the Identity Cloud’s custom provider technology enables you to use almost any identity provider (IdP) as a social login provider; the only real restriction is that the IdP must support OAuth2.0, OpenID Connect, or SAML 2. And yes, LINE supports OAuth 2.0, meaning that you couldcreate a custom provider that leverages LINE for user authentication. However, that’s as far as you can go: your custom provider won’t be able to return any user profile data, including any non-Profile+ data. 

Why not? That’s because Identity Cloud custom providers can only retrieve user data from the userinfo endpoint. Meanwhile, LINE only includes user profile data as part of the identity token: it doesn’t copy this data to the userinfo endpoint. Because there’s no profile data in the userinfo endpoint there’s nothing for your custom provider to return.

The moral of the story? For the moment, at least, configuring your app in the Social Login dashboard and relying on the Identity Cloud to retrieve the user profile from LINE (and to copy that information to the users Identity Cloud profile) is by far the easiest and most-foolproof way to use LINE as a social login IdP.