line / flutter_line_sdk

A Flutter plugin that lets developers access LINE's native SDKs in Flutter apps with Dart.
https://developers.line.biz/
Apache License 2.0

iOS login gives error "400 Bad request with invalid redirect_uri value. Check if it is registered in a LINE developers site" #55

Closed higitune closed 2 years ago

higitune commented 2 years ago

Is it a security issue?

If you believe you have discovered a vulnerability or have an issue related to security, please DO NOT open a public issue. Instead, send us a mail to dl_oss_dev@linecorp.com.

What did you do?

I followed README.md's instruction and set up the iOS configuration and test run.

Please describe what you did before you encounter the issue.

What did you expect?

login successful

Please describe what you did expect to happen.

What happened actually?

I receive 400 Bad request with invalid redirect_uri value. Check if it is registered in a LINE developers site

Please describe what happened actually.

I wonder if README is updated

https://github.com/line/flutter_line_sdk/#ios-app-settings here, there's a section called

iOS scheme Set to line3rdp., followed by the bundle identifier. For example, if your bundle identifier is com.example.app, set the iOS scheme to line3rdp.com.example.app. Only one iOS scheme can be specified.

but that is not in the web console.

Your environment?

Package

  flutter_line_sdk:
    dependency: "direct main"
    description:
      name: flutter_line_sdk
      url: "https://pub.dartlang.org"
    source: hosted
    version: "2.1.0"

Xcode Version 13.3.1 (13E500a)

iOS 12.3.1

Some information of the environment in which the issue happened. Package version, Xcode version, iOS version, etc.

Sample project

It would be appreciated if you can provide a link to or update a sample project that we can download and reproduce the issue.

onevcat commented 2 years ago

Hi,

but that is not in the web console.

Yes. That section is not required anymore and the value will be automatically set for you based on the "iOS bundle ID" you provided. We will update the guide soon, thank you for pointing it out!

However, that setting should not be related to your issue here. The error "invalid redirect_uri value" is often due to not setting a correct bundle ID. Can you check and make sure the one you set there is identical to or contains the actual bundle ID for your app target?

higitune commented 2 years ago

Hi, @onevcat-san, thanks for the quick response.

I just double-checked that the bundle ID is identical and the plist is also configured correctly. The sample code is below. PRODUCT_BUNDLE_IDENTIFIER is the value in iOS bundle ID on the web console, and Twitter login and Facebook login are working.

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleTypeRole</key>
        <string>Editor</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>line3rdp.$(PRODUCT_BUNDLE_IDENTIFIER)</string>
            <string>value for twitter login</string>
            <string>fb-value-for-facebook-login</string>
        </array>
    </dict>
</array>

And also let me add the following information.

[Image: Simulator Screen Shot - iPhone SE (3rd generation) - 2022-04-18 at 17 21 30]

If you look at the URL on this page, it is something like this (ID and security values are masked). The redirect_uri part looks correctly configured, I think. If you find something wrong, it would be very helpful. Thank you.

https://access.line.me/oauth2/v2.1/authorize/consent?state=SOME_STATE_VALUE&response_type=code&sdk_ver=5.8.1&redirect_uri=line3rdp.OUR_PRODUCT_ID%3A%2F%2Fauthorize%2F&code_challenge_method=S256&client_id=CLIENT_ID&code_challenge=CODE_CHALLENGE_VALUE&scope=profile

higitune commented 2 years ago

And one more piece of additional information: we're using the same application for the web app too. It's working as expected. My guess is that when the redirect_uri for the web app was registered, the redirect_uri for the iOS app became inactive or something like that.

the DEEP link from redirect_uri parameter is valid too (I checked with this command and the Flutter application was launched):

xcrun simctl openurl booted line3rdp.{OUR_PRODUCT_ID}://

onevcat commented 2 years ago

Ummm,

That's weird. The URI seems fine and I wonder what's going on.

May I ask if this channel is already published? Or is it still in the "Developing" state? If it is still in developing, then you need to make sure the login user is added as at least a "Tester" in the console.

And one more piece of additional information: we're using the same application for the web app too. It's working as expected.

Oh.. So it should be fine and not a tester thing.

the DEEP link from redirect_uri parameter is valid too

So do you mean you also set the "iOS universal link" in the developer console? If so, then you also need to call setup with the same link as the second parameter to make the two sides match:

LineSDK.instance.setup("${your_channel_id}", "https://yourdomain.com/line-auth/").then((_) {
  print("LineSDK Prepared");
});

onevcat commented 2 years ago

If that is not what you are experiencing, can you please let me know the channel ID in question (as well as a timestamp when this happens)? I will try to investigate the reason in depth.

higitune commented 2 years ago

No, we don't use universal link. Channel ID is 1656609584; timestamp is ~24:00 yesterday. Also, it reproduced just now.

onevcat commented 2 years ago

Thanks. I will try to see if I can find anything and let you know!

higitune commented 2 years ago

Thanks a lot!


onevcat commented 2 years ago

@higitune

We checked the log and the channel 1656609584 is not quite active today. There were several requests from the channel ID yesterday night, but none is ~24:00 yesterday, and moreover, there is no request in recent hours today.

So I suspect it could be that you entered a wrong channel ID when setting up LINE SDK (in LineSDK.instance.setup). A mismatch of channel ID in the setup method would exactly trigger this 400 error, since our login server can detect that the expected return URI is not matching, which is recognized as a request error.

Can you make sure that you are using the same channel ID you mentioned in this thread? (Make sure there is no space on either side, for example.)

If it is still not the case, it would be appreciated if you let me know the IP address you are using when you try to log in and this error happens, and I will try to search for it again in the log system.
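
The mismatch described in the comment above can be checked offline from a captured authorize URL, such as the one copied from the consent page earlier in the thread. This is an added example, not code from the LINE SDK or from any participant; the function name, the sample channel IDs and the bundle ID `com.example.app` are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the masked URL in the thread; {cid} is filled in below.
SAMPLE = (
    "https://access.line.me/oauth2/v2.1/authorize/consent?state=SOME_STATE_VALUE"
    "&response_type=code&redirect_uri=line3rdp.com.example.app%3A%2F%2Fauthorize%2F"
    "&code_challenge_method=S256&client_id={cid}"
    "&code_challenge=CODE_CHALLENGE_VALUE&scope=profile"
)


def check_authorize_url(url, expected_channel_id, bundle_id):
    """Compare a captured authorize URL with the values registered for the
    channel. Returns a list of mismatches; an empty list means none found."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []

    # client_id is the channel ID the app passed to LineSDK.instance.setup().
    client_id = query.get("client_id", [""])[0]
    if client_id != client_id.strip():
        findings.append("client_id has leading or trailing whitespace")
    if client_id.strip() != expected_channel_id:
        findings.append(
            f"client_id {client_id!r} is not the expected channel ID "
            f"{expected_channel_id!r}"
        )

    # parse_qs percent-decodes, so this is the literal callback URI.
    redirect = query.get("redirect_uri", [""])[0]
    scheme, sep, _ = redirect.partition("://")
    if not sep or scheme != f"line3rdp.{bundle_id}":
        findings.append(
            f"redirect_uri {redirect!r} does not use scheme line3rdp.{bundle_id}"
        )
    return findings


if __name__ == "__main__":
    # The app was built with an old channel ID: redirect_uri still looks right.
    stale = SAMPLE.format(cid="1234500000")
    for finding in check_authorize_url(stale, "1234567890", "com.example.app"):
        print(finding)
```

A redirect_uri that looks correct in the URL does not rule out the 400 on its own, because the login server checks it against the channel named by client_id.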

higitune commented 2 years ago

@onevcat Oh, so sorry for that. Now I found that the ID was an old one... Let me try updating it and get back to you soon. Hopefully that resolves the error ;)

higitune commented 2 years ago

Thanks. I confirmed that it is working. I very much appreciate your kind help!