Builds and signs the JWT assertion used by the JWT-based channel-access-token
endpoints (ExLine.Api.ChannelAccessToken.issue_jwt/2,
issue_stateless_with_jwt/2, key_ids/2).
You register the public key in the LINE Developers Console (channel's
Basic settings → Assertion Signing Key → Register a public key), which returns
a kid. You keep the matching private key and use it here to sign assertions.
See the Channel access token guide for key generation.
The assertion is an RS256 JWT with this shape:
header = %{"alg" => "RS256", "typ" => "JWT", "kid" => kid}
payload = %{
"iss" => channel_id,
"sub" => channel_id,
"aud" => "https://api.line.me/",
"exp" => <now + assertion_ttl>, # assertion's own short expiry
"token_exp" => <desired token lifetime in seconds> # v2.1 only
}Ref: https://developers.line.biz/en/docs/messaging-api/generate-json-web-token/
Summary
Functions
Signs a JWT assertion and returns the compact (header.payload.signature) string.
Functions
Signs a JWT assertion and returns the compact (header.payload.signature) string.
Options:
:channel_id(required) — the Messaging API channel id; used asissandsub.:kid(required) — the key id returned by the Console when you registered the public key.:private_key(required) — the signing key as a PEM string, a JWK map, or aJOSE.JWKstruct.:token_exp(optional) — desired lifetime of the issued token in seconds (v2.1 only; max 30 days = 2_592_000). Omit for the stateless endpoint.:assertion_ttl(optional) — lifetime of the assertion itself in seconds (default 30, max 30 min).:now(optional) — base Unix time in seconds (defaults to the current time); mainly for testing.
Network-free, but not a doctest because the output depends on the current time and a private key.
iex> pem = File.read!("priv/keys/line_assertion.pem")
iex> assertion =
...> ExLine.ChannelAccessToken.Assertion.sign(
...> channel_id: "1656...",
...> kid: "sDTOzw5w...",
...> private_key: pem,
...> token_exp: 2_592_000
...> )
iex> ExLine.Api.ChannelAccessToken.issue_jwt(ExLine.Client.transport(), assertion)