Issue, verify, and revoke channel access tokens for the Messaging API.
A channel access token is the Bearer credential every Messaging API call needs
(ExLine.Client.new(access_token: ...)). You can either paste a long-lived token
from the LINE Developers Console and skip this module entirely, or issue tokens
programmatically here. There are three families:
- Long-lived (v1) —
issue/3/verify/2/revoke/2. Authenticated with the channel id + secret; one token at a time, ~30-day fixed lifetime. - Stateless —
issue_stateless/3(channel secret) orissue_stateless_with_jwt/2(JWT assertion). Short-lived (~15 min), not counted/stored — issue one per burst of calls; no verify/revoke needed. - JWT with custom expiry (v2.1) —
issue_jwt/2/verify_jwt/2/revoke_jwt/4/key_ids/2. Authenticated with a JWT assertion signed by a private key whose public key is registered in the Console; up to 30 active tokens, expiry up to 30 days.
Every function takes a transport-only client (ExLine.Client.transport/0) —
these endpoints authenticate via the request body, not a Bearer header, so an
access_token is neither required nor sent.
Build the JWT assertion with ExLine.ChannelAccessToken.Assertion.sign/1, and see
the Channel access token guide for key generation,
Console registration, and caching with ExLine.ChannelAccessToken.Cache.
Ref: https://developers.line.biz/en/docs/messaging-api/channel-access-tokens/
Summary
Functions
Issues a long-lived channel access token (v1) from the channel id and secret.
Issues a channel access token with a user-specified expiry (v2.1) from a signed
JWT assertion.
Issues a stateless channel access token using the channel id and secret.
Issues a stateless channel access token using a signed JWT assertion.
Gets all valid v2.1 token key ids for the channel, authenticated with a signed
JWT assertion.
Revokes a long-lived (v1) channel access token.
Revokes a v2.1 channel access token (requires the channel id and secret).
Verifies a long-lived (v1) channel access token.
Verifies a v2.1 channel access token.
Types
Functions
@spec issue(ExLine.Client.t(), String.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Issues a long-lived channel access token (v1) from the channel id and secret.
Returns {:ok, %{"access_token" => token, "expires_in" => seconds, "token_type" => "Bearer"}} or {:error, ExLine.Error.t()}. Issuing again invalidates the
previous v1 token.
iex> client = ExLine.Client.transport(adapter: MyAdapter)
iex> ExLine.Api.ChannelAccessToken.issue(client, "1656...", "secret")
{:ok, %{"access_token" => "...", "expires_in" => 2592000, "token_type" => "Bearer"}}Ref: https://developers.line.biz/en/reference/messaging-api/#issue-channel-access-token
@spec issue_jwt(ExLine.Client.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Issues a channel access token with a user-specified expiry (v2.1) from a signed
JWT assertion.
Returns {:ok, %{"access_token" => ..., "expires_in" => ..., "token_type" => "Bearer", "key_id" => ...}}. Keep key_id to look the token up via key_ids/2.
Build assertion with ExLine.ChannelAccessToken.Assertion.sign/1 (include
:token_exp for the desired lifetime).
Ref: https://developers.line.biz/en/reference/messaging-api/#issue-channel-access-token-v2-1
@spec issue_stateless(ExLine.Client.t(), String.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Issues a stateless channel access token using the channel id and secret.
Stateless tokens are short-lived (~15 min) and are not stored or counted, so there is no verify/revoke — just issue one when you need it.
Ref: https://developers.line.biz/en/reference/messaging-api/#issue-stateless-channel-access-token
@spec issue_stateless_with_jwt(ExLine.Client.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Issues a stateless channel access token using a signed JWT assertion.
Build assertion with ExLine.ChannelAccessToken.Assertion.sign/1.
Ref: https://developers.line.biz/en/reference/messaging-api/#issue-stateless-channel-access-token
@spec key_ids(ExLine.Client.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Gets all valid v2.1 token key ids for the channel, authenticated with a signed
JWT assertion.
Returns {:ok, %{"kids" => [...]}}.
@spec revoke(ExLine.Client.t(), String.t()) :: {:ok, term()} | {:error, ExLine.Error.t()}
Revokes a long-lived (v1) channel access token.
Ref: https://developers.line.biz/en/reference/messaging-api/#revoke-channel-access-token
@spec revoke_jwt(ExLine.Client.t(), String.t(), String.t(), String.t()) :: {:ok, term()} | {:error, ExLine.Error.t()}
Revokes a v2.1 channel access token (requires the channel id and secret).
Ref: https://developers.line.biz/en/reference/messaging-api/#revoke-channel-access-token-v2-1
@spec verify(ExLine.Client.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Verifies a long-lived (v1) channel access token.
Returns {:ok, %{"client_id" => ..., "expires_in" => seconds, "scope" => ...}}.
Ref: https://developers.line.biz/en/reference/messaging-api/#verify-channel-access-token
@spec verify_jwt(ExLine.Client.t(), String.t()) :: {:ok, token()} | {:error, ExLine.Error.t()}
Verifies a v2.1 channel access token.
Ref: https://developers.line.biz/en/reference/messaging-api/#verify-channel-access-token-v2-1