Hello everyone use the Messaging API.
Issued Channel Access Token v2.1 with public key released the other day The procedure was too esoteric for beginners I will share the procedure that I tried as a beginner and was able to issue a channel access token v2.1 with python.
https://developers.line.biz/ja/news/2020/04/06/channel-access-token-apis-v2-1/
JWT is explained in detail on other sites, so I will omit the details and explain only the code.
The library used this time is "jwcrypto". https://github.com/latchset/jwcrypto/
pip install jwcrypto
Actual code
from jwcrypto import jwk,jwt
import time
#JWT token expiration date (specified in up to 30 minutes epoch seconds)
exp = (int(time.time()))+(60 * 30)
#Expiration date of the channel access token to be issued (up to 30 days, specified in seconds)
token_exp = 60
header = {"alg": "RS256","typ": "JWT","kid": "1dab2f4f-b73f-47a3-b99d-1730e22b9544"}
payload = { "iss": "1573163733", "sub": "1573163733", "aud": "https://api.line.me/", "exp": exp, "token_exp": token_exp }
#A private key issued by the LINE Developers console."privateKey"Be careful because it is only the contents
privateKey = {
"p": "_mMa1ShoEgeQ0_bo8c1aLa626TQMEu9Ey6ecpgF1Ln_l9jwfPz0JNpJudHF0ZI_Jx6kYp1xNCO4mQpybz-d8N49tcLS9fsQ0IxfVuqJo92vDOT6JLji-l1ssN-Gw052yxtfbLAh21k_HahtEDQyXrASA1LQcFyuxcBpzuzqw6r8",
"kty": "RSA",
"q": "0ofg_iiqc-mwy95Jj2hh2YY5GfL-Zz1t9IZ2fUeTl1kNlt9njiW3nkrFP0sQWTXLo7ukyfph6-KhbmBGSgKGCarOFz-HbLpKevEB-zpHfvOYclYmSiBof__PudcTel67VyGH7zPfs5pF3ZZLzJ3pV9dQATgqNpa3EO4g2tFSU6k",
"d": "rhMe1_FEp1luwTsjvtAwBXxfN4rkJ-Q92r3jHXSDj-yRNA8Drv5xEtEwFOBeJttEdiMeknsGctr3hKOxetxUl8H_XBamfxjzLw8XdZXa-ul60lveMaTrhZ_G8PwygP2AXgNR6_i08kk1QS5cAltpyCzt9kF8S6a67WdVwTvwuB_CR5cTTRGHuvdMt2klrIYZDsDZVD0bqaBmpAPKHyQtCNGgqVHTbzEVydAykbYKoHLK1-e9CViQFIJU_KeNJdTEcWy43HGmbColrbXki1yPIPLydRuSlihoJQ11fikIbaU2gC_79IeSfC5mu4kedTpwEpwOAkviZeV_pJP8YTYKwQ",
"e": "AQAB",
"use": "sig",
"kid": "1dab2f4f-b73f-47a3-b99d-1730e22b9544",
"qi": "hVkG582RG4xBesEEmCEUBdT-SpysjZ3QPHPDWI8Wm-FnnJs7K5ECmUpSkIbY4yfzBp7OZ9dyeP_iX-1iSyfLEECjDQIdAiGxLL_9ogCbl53IS_ezMRBCox9g0nf9aJ9eH3gxKCYKv3iJ2YwRilH9uNFTmH3wqYZGsvPsyARNjUE",
"dp": "zSc1u5Qzod6yIQ9uO5uFz3OolZfg6OBH1godng9s5oxE8_j2pjReGsGrDIN2_6aqbzfi5w3cHoiZGH1edyPTnKcx9oP8kqA-_9I4DqTuDCO_NIpHbZxbsIrZtVNxHKiARjZMzk0hMaLzSpIkpnVyWErlbyS1xsX4-lSK4wLpLNc",
"alg": "RS256",
"dq": "SJSzyqu2aBPO8doGvjwcT-PoV7vgXTNebwjUXMiKZ4k6GCOZDfaO4TGh4vo7_qV_OUl9vGxnyezt_qGOWgGYuEh8mKM8Sw3Gk6_3IOessmXEztZIiRG3NTm6IbW2b1-tcpKKzLqzirXLFGO2aiqewbvnRyRX2U4Ievu9s_KqUVE",
"n": "0TRR2UfFrbS6oL-PAN0Mefb4meBlMFFMSkQA9F_sMPk5-HPIohnzkyxsajXU9Q8hwCcnx3xe7nMB5QzHakqyONpiMyRPWFkErP5IxI4dQnnlWnKCuHOoscSIaB6pegm7vWShfLeAqXGV9AlgM-_oboVj0eD0BmYSAjn2sFVC2ZIi0weE2CCcRZCaXMOgPStjj5GnRusntvEh4jkivFd9q21jvBcAd3Lx8irg1M0hxrK_Uy0Larod-1xrfF6NH5dhnGjCVyDSxaWguBhpPC4xS6HXOJbLX67F2NxCS9Qz9B6EmjHLzqwpYCaRoazQs4C4gfHs4XLZLOXHcR2YOxTlFw"
}
#Convert private key from JSON to JWK
privateKey = jwk.JWK(**privateKey)
#Create JWT token
Token = jwt.JWT(header=header,
claims=payload)
#Sign with the created private key
Token.make_signed_token(privateKey)
#Serialize
JWTtoken = Token.serialize()
#Complete
print(JWTtoken)
Test app https://myucy.herokuapp.com/oauth2/v2.1/jwt
I was addicted to this because I had little knowledge of JWT and JWS. As a rough explanation, the private key issued by the LINE Developers console is It seems that you have to convert to JWK once because it can not be used for JWT signature as it is in JSON format.
I will investigate this a little more and add it.
The jwcrypto library seems to look strictly at the type, so when converting to JWK or JWT, It seems that header, payload and privateKey must be dict type.
Channel access token v2.1 allows you to specify the token expiration date yourself, so For example, you can use it like a one-time token that is valid only for 10 minutes at the delivery timing. It will be possible to implement more flexibly than before.
In addition, the channel access token v2.1 is a channel access token issued by the API so far, and It seems that the issuance limit is counted separately.
I've created a simple test app for the channel access token v2.1, so please feel free to contact me.
Channel access token v2.1 issued https://myucy.herokuapp.com/oauth2/v2.1/token
Channel access token v2.1 Get token https://myucy.herokuapp.com/oauth2/v2.1/tokens
Channel access token v2.1 revoked https://myucy.herokuapp.com/oauth2/v2.1/revoke
jwt issue test app https://myucy.herokuapp.com/oauth2/v2.1/jwt
Source code https://github.com/myucy/line-channel-token-v2.1-tester
Recommended Posts