Can't use my own custom Nonce in Unity API.

Question

Can't use my own custom Nonce in Unity API.

Closed this issue 10 months ago · 3 comments

trinhlehainamvice commented 10 months ago

Is it a security issue?

no

What did you do?

I have project that require to integrate between LineLogin and Firebase Auth.

What did you expect?

I want to take IdToken and AccessToken from LineLogin and register to Firebase Auth with OpenID Connect. But Firebase OAuthProvider require rawNonce (Nonce string haven't hashed by SHA256) and Firebase API will hash rawNonce to check nonce inside IdToken is valid.

What happened actually?

Underline LineLogin API creates Nonce for openid scope one each request, but nonce was hidden, not completely hidden but there isn't any option to pass Custom Nonce from Unity API to Wrapper API. I don't have any experiment on Java and Object-C to modify on my own, so can Line Developers expose Custom Nonce on Unity API, or there is another way that I don't know

Your environment?

LINE SDK version: 5-8-1
Unity version: 2022.3.5

English is not my native language, so I really apologize if there are somethings doesn't clear.

Answer 1 · 2023-08-24T06:47:32.000Z

Hi,

Thanks for opening this. The ID Token nonce is not yet supported in this Unity wrapper. We understand that it is necessary for a secure login with your implementation and I will see how it could be added. Please stay tuned.

Answer 2 · 2023-08-30T03:03:08.000Z

Thank you for the update. I'll stay tuned for further developments.

Answer 3 · 2023-09-05T04:31:16.000Z

Thanks for the waiting. This was added in 1.3.0 and you now should be able to set a customize nonce by using the related parameter.