Closed trinhlehainamvice closed 1 year ago
onevcat
commented
1 year ago Hi,
Thanks for opening this. The ID Token nonce is not yet supported in this Unity wrapper. We understand that it is necessary for a secure login with your implementation and I will see how it could be added. Please stay tuned.
trinhlehainamvice
commented
1 year ago Thank you for the update. I'll stay tuned for further developments.
onevcat
commented
1 year ago Thanks for the waiting. This was added in 1.3.0 and you now should be able to set a customize nonce by using the related parameter.
Is it a security issue?
no
What did you do?
I have project that require to integrate between LineLogin and Firebase Auth.
What did you expect?
I want to take IdToken and AccessToken from LineLogin and register to Firebase Auth with OpenID Connect. But Firebase OAuthProvider require rawNonce (Nonce string haven't hashed by SHA256) and Firebase API will hash rawNonce to check nonce inside IdToken is valid.
What happened actually?
Underline LineLogin API creates Nonce for openid scope one each request, but nonce was hidden, not completely hidden but there isn't any option to pass Custom Nonce from Unity API to Wrapper API. I don't have any experiment on Java and Object-C to modify on my own, so can Line Developers expose Custom Nonce on Unity API, or there is another way that I don't know
Your environment?
LINE SDK version: 5-8-1 Unity version: 2022.3.5
English is not my native language, so I really apologize if there are somethings doesn't clear.