Application Login Page
Create an application login page for the step 3 of "Figure OAuth 2.0 based SSO between LINE WORKS and the customer." This page is where users enter their IDs and passwords to log in to the LINE WORKS app or Drive Explorer.
After processing the login request, issue an authorization code and return it to the redirect_uri.
Note
- Although the LINE WORKS app and Drive Explorer run as an application, they internally use an in-app browser to call the customer's web page. Therefore, you can create a responsive "web login page" and use it for application login too, rather than creating an additional application login page.
Caution
- The customer must redirect users to the redirect_uri after logging them in. Otherwise the login process will not work as expected.
Request URL {#app-login-request-url}
https://CustomerDomain/CustomerLoginPage
You can only use port 80 or 443 according to LINE WORKS's infrastructure security policy.
Register the request URL in Application Login URL under SSO > WORKS as SP in the Developer Console.
Figure Add OAuth 2.0 based Application Login URL
HTTP method {#app-login-request-method}
GET
Request {#app-login-request-parameter}
| Parameter | Type | Required | Description |
|---|---|---|---|
| response_type | String | Y | A value to specify the response type. Set this parameter to "code". |
| client_id | String | Y | The client ID registered in the Developer Console |
| redirect_uri | String | Y | The URL to return an authorization code to after user authentication is completed. It is URL-encoded. |
| worksId | String | N | User's LINE WORKS account. It can be used on the customer's login page if needed. |
| userAgent | String | Y | A value to distinguish access from the LINE WORKS mobile app or desktop app from web login. This value can replace the userAgent in the HttpRequest Header. Set this parameter to "LineWorks". |
| sessionKey | String | Y | It is used to check whether a request is from LINE WORKS. |
Note
- The "state" used to prevent cross-site request forgery (CSRF) is included in the redirect_uri. Therefore, the customer must use the redirect_uri as it is to redirect an authorization code.
- If the LINE WORKS authentication system does not receive an authorization code callback within 30 minutes after the login page is displayed, the login is considered abnormal and thus fails.
- The userAgent value in the HttpRequest Header is subject to change without notice.