[LINE Messaging API] Issue channel access token v2.1 in Python

Hello everyone use the Messaging API.

Issued Channel Access Token v2.1 with public key released the other day The procedure was too esoteric for beginners I will share the procedure that I tried as a beginner and was able to issue a channel access token v2.1 with python.

https://developers.line.biz/ja/news/2020/04/06/channel-access-token-apis-v2-1/

Main subject

JWT is explained in detail on other sites, so I will omit the details and explain only the code.

The library used this time is "jwcrypto". https://github.com/latchset/jwcrypto/

pip install jwcrypto

Actual code


from jwcrypto import jwk,jwt
import time

#JWT token expiration date (specified in up to 30 minutes epoch seconds)
exp = (int(time.time()))+(60 * 30)

#Expiration date of the channel access token to be issued (up to 30 days, specified in seconds)
token_exp = 60


header = {"alg": "RS256","typ": "JWT","kid": "1dab2f4f-b73f-47a3-b99d-1730e22b9544"}

payload = { "iss": "1573163733", "sub": "1573163733", "aud": "https://api.line.me/", "exp": exp, "token_exp": token_exp }


#A private key issued by the LINE Developers console."privateKey"Be careful because it is only the contents
privateKey = {
    "p": "_mMa1ShoEgeQ0_bo8c1aLa626TQMEu9Ey6ecpgF1Ln_l9jwfPz0JNpJudHF0ZI_Jx6kYp1xNCO4mQpybz-d8N49tcLS9fsQ0IxfVuqJo92vDOT6JLji-l1ssN-Gw052yxtfbLAh21k_HahtEDQyXrASA1LQcFyuxcBpzuzqw6r8",
    "kty": "RSA",
    "q": "0ofg_iiqc-mwy95Jj2hh2YY5GfL-Zz1t9IZ2fUeTl1kNlt9njiW3nkrFP0sQWTXLo7ukyfph6-KhbmBGSgKGCarOFz-HbLpKevEB-zpHfvOYclYmSiBof__PudcTel67VyGH7zPfs5pF3ZZLzJ3pV9dQATgqNpa3EO4g2tFSU6k",
    "d": "rhMe1_FEp1luwTsjvtAwBXxfN4rkJ-Q92r3jHXSDj-yRNA8Drv5xEtEwFOBeJttEdiMeknsGctr3hKOxetxUl8H_XBamfxjzLw8XdZXa-ul60lveMaTrhZ_G8PwygP2AXgNR6_i08kk1QS5cAltpyCzt9kF8S6a67WdVwTvwuB_CR5cTTRGHuvdMt2klrIYZDsDZVD0bqaBmpAPKHyQtCNGgqVHTbzEVydAykbYKoHLK1-e9CViQFIJU_KeNJdTEcWy43HGmbColrbXki1yPIPLydRuSlihoJQ11fikIbaU2gC_79IeSfC5mu4kedTpwEpwOAkviZeV_pJP8YTYKwQ",
    "e": "AQAB",
    "use": "sig",
    "kid": "1dab2f4f-b73f-47a3-b99d-1730e22b9544",
    "qi": "hVkG582RG4xBesEEmCEUBdT-SpysjZ3QPHPDWI8Wm-FnnJs7K5ECmUpSkIbY4yfzBp7OZ9dyeP_iX-1iSyfLEECjDQIdAiGxLL_9ogCbl53IS_ezMRBCox9g0nf9aJ9eH3gxKCYKv3iJ2YwRilH9uNFTmH3wqYZGsvPsyARNjUE",
    "dp": "zSc1u5Qzod6yIQ9uO5uFz3OolZfg6OBH1godng9s5oxE8_j2pjReGsGrDIN2_6aqbzfi5w3cHoiZGH1edyPTnKcx9oP8kqA-_9I4DqTuDCO_NIpHbZxbsIrZtVNxHKiARjZMzk0hMaLzSpIkpnVyWErlbyS1xsX4-lSK4wLpLNc",
    "alg": "RS256",
    "dq": "SJSzyqu2aBPO8doGvjwcT-PoV7vgXTNebwjUXMiKZ4k6GCOZDfaO4TGh4vo7_qV_OUl9vGxnyezt_qGOWgGYuEh8mKM8Sw3Gk6_3IOessmXEztZIiRG3NTm6IbW2b1-tcpKKzLqzirXLFGO2aiqewbvnRyRX2U4Ievu9s_KqUVE",
    "n": "0TRR2UfFrbS6oL-PAN0Mefb4meBlMFFMSkQA9F_sMPk5-HPIohnzkyxsajXU9Q8hwCcnx3xe7nMB5QzHakqyONpiMyRPWFkErP5IxI4dQnnlWnKCuHOoscSIaB6pegm7vWShfLeAqXGV9AlgM-_oboVj0eD0BmYSAjn2sFVC2ZIi0weE2CCcRZCaXMOgPStjj5GnRusntvEh4jkivFd9q21jvBcAd3Lx8irg1M0hxrK_Uy0Larod-1xrfF6NH5dhnGjCVyDSxaWguBhpPC4xS6HXOJbLX67F2NxCS9Qz9B6EmjHLzqwpYCaRoazQs4C4gfHs4XLZLOXHcR2YOxTlFw"
}

#Convert private key from JSON to JWK
privateKey = jwk.JWK(**privateKey)

#Create JWT token
Token = jwt.JWT(header=header,
claims=payload)

#Sign with the created private key
Token.make_signed_token(privateKey)

#Serialize
JWTtoken = Token.serialize()

#Complete
print(JWTtoken)

How to use

  1. Change the kid in the header to your assertion signing key.
  2. Change the "iss" and "sub" in the payload to your channel ID.
  3. For privateKey, specify the contents of the JSON "privateKey" issued from the LINE Developers console.
  4. Run it to complete the JWT.

Test app https://myucy.herokuapp.com/oauth2/v2.1/jwt

Addictive point 1 Private key conversion

I was addicted to this because I had little knowledge of JWT and JWS. As a rough explanation, the private key issued by the LINE Developers console is It seems that you have to convert to JWK once because it can not be used for JWT signature as it is in JSON format.

I will investigate this a little more and add it.

Addictive point 2 jwcrypto library

The jwcrypto library seems to look strictly at the type, so when converting to JWK or JWT, It seems that header, payload and privateKey must be dict type.

Impressions

Channel access token v2.1 allows you to specify the token expiration date yourself, so For example, you can use it like a one-time token that is valid only for 10 minutes at the delivery timing. It will be possible to implement more flexibly than before.

In addition, the channel access token v2.1 is a channel access token issued by the API so far, and It seems that the issuance limit is counted separately.

bonus

I've created a simple test app for the channel access token v2.1, so please feel free to contact me.

Channel access token v2.1 issued https://myucy.herokuapp.com/oauth2/v2.1/token

Channel access token v2.1 Get token https://myucy.herokuapp.com/oauth2/v2.1/tokens

Channel access token v2.1 revoked https://myucy.herokuapp.com/oauth2/v2.1/revoke

jwt issue test app https://myucy.herokuapp.com/oauth2/v2.1/jwt

Source code https://github.com/myucy/line-channel-token-v2.1-tester

Recommended Posts

[LINE Messaging API] Issue channel access token v2.1 in Python
[LINE Messaging API] Create a rich menu in Python
Access the Twitter API in Python
Run Google Analytics API (core v3) in python
[WP REST API v2] Upload images in Python
Evernote API in Python
C API in Python 3
[LINE Messaging API] Create parrot return BOT with Python
Hit Mastodon's API in Python
Fizzbuzz in Python (in one line)
Made "Unofficial Apple Refurbished Product Introduction" BOT with LINE Messaging API (v2) + API Gateway + lambda (python)
I made LINE-bot with Python + Flask + ngrok + LINE Messaging API
Try LINE Notify in Python
Blender Python API in Houdini (Python 3)
Issue reverse geocoding in Japanese with Python Google Maps API
I made a Chatbot using LINE Messaging API and Python
Easy-to-understand demo of Imagemap Message of LINE Messaging API [PHP] [Ruby] [Python]
[LINE Messaging API] Create a BOT that connects with someone with Python
Firebase Authentication token issuance in Python and token verification with Fast API
I made a Chatbot using LINE Messaging API and Python (2) ~ Server ~
LINE BOT (Messaging API) development with API Gateway and Lambda (Python) [Part 2]
Make python segfault in one line
Getting the arXiv API in Python
Hit the Sesami API in Python
Try PLC register access in Python
Create Gmail in Python without API
Hit the web API in Python
Quickly implement REST API in Python
I tried Line notification in Python
[Introduction] Insert line breaks in Python 3
Implemented in 1 minute! LINE Notify in Python
Google API access token and refresh token
Mouse operation using Windows API in Python
CGI server (1) python edition in one line
Try using the Wunderlist API in Python
How to access environment variables in Python
Try using the Kraken API in Python
Line graphs and scale lines in python
Get Google Fit API data in Python
Get Youtube data in Python using Youtube Data API
Read the file line by line in Python
Exclusive file access between processes in Python
Decompose command arguments in one line in Python
Access S3 resources via Cognito in Python
[Python] Invert bool value in one line
Try hitting the YouTube API in Python
Implemented Python wrapper for Qiita API v2
[Python] Read the specified line in the file
Create a filter to get an Access Token in the Graph API (Flask)
Run Qiita API v2 Python wrapper in Python3 environment (Mac OS X 10.11 (El Capitan))