Hello,
in the last couple days I’m trying to figure out how OpenID works in conjunction with Line : https://developers.line.biz/en/reference/line-login/ , so I installed openid
The OpenID Connect discovery document for Line is found here:
https://access.line.me/.well-known/openid-configuration
I setup the openid profile and email scopes.
According to line.biz the email address is in the token. And everything looks ok so far when I look in my logs.
I got the email address in the JWT file extracted from the token
like:
OIDC Log: Verified JWT—
iss: https://access.line.me
sub: Uf3156a0081c563144b3
aud: ‘1657458025’
exp: 1662826967
iat: 1662823367
nonce: f5930aa4c2bd1b3807d
amr:
- linesso
email: example@example.com
But after requesting https://api.line.me/oauth2/v2.1/userinfo
The email address isn’t included. only name and the sub UserId.
A look at the line documents under userinfo seems like this is correct. The userinfo doesn’t include the email.
So what could I do to extract the email address in the JWT response. ? I tried to use claims and maybe there is a way to get it that I’m missing? Or is that going to nowhere? . Makes me dizzy
Thank you!
Edit:
I read on the OpenID Plugin Page: openid
If the discovery document includes a userinfo_endpoint
parameter, then the plugin will use that to collect user metadata. If not, the plugin will extract metadata from the id_token
(A JWT) supplied by the token endpoint.
So one solution would be to tell the plugin not using the userinfo endpoint? That would be great. But I could do that?