Naver Login

NAVER Login Developer's
Guide
NAVER Corp.
Copyright
Copyright NAVER Corp. All rights Reserved.
This document is an intellectual property of NAVER Corp.; unauthorized reproduction or distribution of this document,
or any portion of it is prohibited by law.
This document is provided for information purpose only. NAVER Corp. has endeavored to verify the completeness
and accuracy of information contained in this document, but it does not take the responsibility for possible errors or
omissions in this document. Therefore, the responsibility for the usage of this document or the results of the usage
falls entirely upon the user, and NAVER Corp. does not make any explicit or implicit guarantee regarding this.
Software products or merchandises mentioned in this document, including relevant URL information, conform to the
copyright laws of their respective owners. The user is solely responsible for any results occurred by not complying
with applicable laws.
NAVER Corp. may modify the details of this document without prior notice.
About This Document
Purpose
This document describes how to add NAVER Login to your application.
Audience
This document is intended for developers who want to add NAVER Login to their applications.
Contact Us
For any errors or inquiries regarding this document, please contact us via email.
Email: NAVER Login Global Support (dl_signwithnaver@navercorp.com)
Revision History
Date Description
2015. 9. 4. Content for the Web added
2015. 5. 21. First distribution of the NAVER Login Developer's Guide document`
3
Conventions
Notes
Note
A note describes useful information for users.
Cautions
Caution
A caution describes information that users should know in order to prevent system errors.
User Interface (UI) Text

UI text: Use bold formatting like Top Menu > Sub Menu.
User input: Use bold formatting like localhost.
Replaceable user input: Use braces to enclose like http://www.naver.com/{company_name}.
Source Code
Text for source code is written in black on a gray background.
COPYDATASTRUCT st;
st.dwData = PURPLE_OUTBOUND_ENDING;
st.cbData = sizeof(pp);
st.lpData = &pp;
::SendMes(GetTargetHwnd(), WM_COPYDATA, (WPARAM)this->m_hWnd, (LPARAM)&st);
4
Table of Contents
Overview ___________________________________________ 9
Features _______________________________________________________________________________________ 10
Steps for Adding NAVER Login ______________________________________________________________ 11
Reference _____________________________________________________________________________________ 11
Application Registration _________________________________ 13
NAVER Login Tryout ____________________________________ 15
NAVER Login for Android ________________________________ 17
Preparations __________________________________________________________________________________ 17
Requirements _____________________________________________________________________________ 17
Library Files _______________________________________________________________________________ 17
Development Environment Setup __________________________________________________________ 17
How to Add____________________________________________________________________________________ 18
Initialize ___________________________________________________________________________________ 18
Log In _____________________________________________________________________________________ 18
Get Access Tokens ________________________________________________________________________ 20
Log Out ___________________________________________________________________________________ 20
Disconnect ________________________________________________________________________________ 20
Make Open API Calls______________________________________________________________________ 21
Other Configurations ______________________________________________________________________ 21
API Reference _________________________________________________________________________________ 21
OAuthErrorCode __________________________________________________________________________ 21
OAuthLogin _______________________________________________________________________________ 22
OAuthLoginButton_________________________________________________________________________ 29
OAuthLoginHandler _______________________________________________________________________ 30
OAuthLoginState __________________________________________________________________________ 31
NAVER Login for iOS ___________________________________ 33
5
Preparations __________________________________________________________________________________ 33
Requirements _____________________________________________________________________________ 33
Library Files _______________________________________________________________________________ 33
Development Environment Setup __________________________________________________________ 33
OAuth 2.0 Authorization Flow ________________________________________________________________ 34
Getting Authorization Codes _______________________________________________________________ 34
Getting Access Tokens ____________________________________________________________________ 35
Making Open API Calls ____________________________________________________________________ 35
How to Add____________________________________________________________________________________ 35
Basic Configurations ______________________________________________________________________ 35
Log In _____________________________________________________________________________________ 37
Get Authorization Codes and Access Tokens ______________________________________________ 37
Refresh Access Tokens____________________________________________________________________ 38
Log Out ___________________________________________________________________________________ 39
Disconnect ________________________________________________________________________________ 39
API Reference _________________________________________________________________________________ 40
NaverThirdPartyLoginConnection _________________________________________________________ 40
NAVER Login for the Web ________________________________ 49
NAVER Login with PHP and Java ____________________________________________________________ 49
Generate State Tokens to Prevent CSRF Attacks __________________________________________ 49
Make Authorization Requests with NAVER Login __________________________________________ 50
Authentication and Authorization with NAVER _____________________________________________ 50
Verify State Tokens ________________________________________________________________________ 51
Get NAVER User Profile ___________________________________________________________________ 52
Refresh Access Tokens____________________________________________________________________ 53
Delete Access Tokens _____________________________________________________________________ 53
NAVER Login with the JavaScript Library ___________________________________________________ 54
Requirements _____________________________________________________________________________ 54
Basic Configurations ______________________________________________________________________ 54
Request Authentication ____________________________________________________________________ 55
Authentication and Authorization with NAVER _____________________________________________ 56
API Reference ________________________________________ 57
Authorize Users with NAVER _________________________________________________________________ 57
Get Access Tokens ___________________________________________________________________________ 58
Refresh Access Tokens ______________________________________________________________________ 59
6
Disconnect ____________________________________________________________________________________ 60
Get NAVER User Profile ______________________________________________________________________ 61
Status Codes__________________________________________________________________________________ 62
Error Codes ___________________________________________________________________________________ 63
NAVER Login Button Brand Guidelines _______________________ 65
Downloads ____________________________________________________________________________________ 65
Login Button Style ____________________________________________________________________________ 65
Default Typography and Color _______________________________________________________________ 66
Custom Button Design _______________________________________________________________________ 67
Size _______________________________________________________________________________________ 67
Text _______________________________________________________________________________________ 67
Look and Feel _____________________________________________________________________________ 67
Displaying with Other Third-Party Login Buttons____________________________________________ 68
Incorrect Button Design ______________________________________________________________________ 68
SDK Downloads _______________________________________ 69
NAVER Login Library for Android ____________________________________________________________ 69
NAVER Login Library for iOS_________________________________________________________________ 69
Sample Project for Windows _________________________________________________________________ 69
NAVER Login Library for JavaScript _________________________________________________________ 70
Changelog ____________________________________________________________________________________ 70
7
Overview
Overview
NAVER Login let users to use the OAuth 2.0-based security feature of NAVER when they are using non-
NAVER services.
It is a convenient and secure way for users to log into your application with the NAVER ID and password;
they do not have to remember their IDs and password of your application. It is recommended to add NAVER
Login to your application if you want to make people who hate complicated signups to join your application
or stop users leaving your application because they forget their accounts.
9
NAVER Login Developer's Guide
The following figure shows the basic login procedure with NAVER Login.
1. When a user clicks or taps the NAVER Login button on an application, the user will be redirected to the
NAVER login screen. If the user is using a mobile application, the user can use the Quick Sign-in
provided by the NAVER App. If the NAVER App is not installed, an in-app browser will be executed.
2. After the user is logged in with the NAVER ID and password, the user will be redirected to the screen
asking for permissions to access his/her information.
3. When the user agrees to the terms, the access token of an application will be issued through a callback
URL. The issued access token allows you to use NAVER's open API supporting OAuth 2.0 protocol or
get user information.
Features
Easy Access to User Information
You can easily retrieve the information, such as an email address, nickname, profile image, birthday, age,
gender and more, of the user who uses NAVER Login to be logged into your application through API.
Furthermore, you can add NAVER Login to various NAVER services like NAVER Blog.
Rapid Development and Simple Operation

You can implement NAVER Login quickly and easily through SDKs for various platforms such as Android,
iOS, and Windows as well as the Web for both PC and mobile. In addition, the statistics provided by NAVER
Login helps you figure out the current status of your service.
Mashup with NAVER's Open API

With NAVER Login, you can use the NAVER services that offer APIs. For example, the user who is logged
into your application using NAVER Login can publish a post on NAVER Blog, create an event on NAVER
10
Overview
Calendar, or join the NAVER Cafe community and write a post. We will continue to add more APIs that
support NAVER Login. For more information on supported APIs, visit the NAVER Login Developers site.
Note that the links below are currently provided in Korean only.
API for publishing a post on NAVER Blog (in Korean)
API for joining the NAVER Cafe community and writing a post (in Korean)
API for creating an event on NAVER Calendar (in Korean)
Steps for Adding NAVER Login

You should follow the steps below to add NAVER Login to your application.
1. Register an application
First, you need to register your application to issue a client ID and client secret.
2. Develop an application
Check out developer's guides, reference, and SDKs below and develop your application for your
development environment.
For developer's guide for Android, see "NAVER Login for Android."
For developer's guide for iOS, see "NAVER Login for iOS."
For developer's guide for the Web, see "NAVER Login for the Web."
For APIs, see "API Reference."
For downloading SDKs, see "SDK Downloads."
3. Add NAVER Login to your application
After completing development of your application, add NAVER Login to your application.
Reference
Oauth 2.0
11
Application Registration
Application Registration
In order to use NAVER Login in your application, you will need to register your application for issuing a client
ID and client secret. Note that the site where you can conduct an application registration is currently offered
only in Korean. Therefore you should send us your NAVER ID by email to dl_signwithnaver@navercorp.com.
Then, you will get informed of the overall registration procedure in English.
You can create a NAVER ID in the NAVER signup page if you don't have one.
13
NAVER Login Tryout
NAVER Login Tryout

You can check requests and responses that are called and applicable sample codes at the NAVER Login
Tryout page if NAVER Login is successfully working.
You can test it with a sample key value. If you select an issued application name, you can test it with its
issued key value.
The current step will be requested if you click the Request () button after entering a value in the
each field. If you want to move forward or backward, click the corresponding step button.
The information on each item is described in this document.
15
NAVER Login for Android

This chapter describes how to implement the NAVER Login features for Android.
The NAVER Login library for Android enables you to easily add the login, logout, and token management
features to your application.
To download the library, see "NAVER Login Library for Android."
Preparations
This section describes how to make preparations to add NAVER Login to your application and how to set up
the development environment.
Requirements
Environmental requirements to use the NAVER Login library for Android are as follows:
SDK: Android SDK 7 or later
IDE: Eclipse
Library Files
The NAVER Login library folder for Android consists of the following three files:
naveroauthlib-4.x.x.jar: The NAVER Login library file
naveroauthlib-4.x.x-source.jar: The NAVER Login library file with the source code
NaverOAuthLoginSample_4.x.x: The sample project folder that uses the NAVER Login library
Development Environment Setup
Configure an Eclipse Project

You can use the naveroauthlogin-4.x.x.jar file to configure your project. To include the NAVER Login
library, naveroauthlogin-4.x.x.jar, in Eclipse, follow the instructions below.
1. Copy the naveroauthlogin-4.x.x.jar file into the libs folder in your project.
2. Edit the AndroidManifest.xml file in your project as follows:
<!Add the Internet access permission. -->
<uses-permission android:name="android.permission.INTERNET" />
<!Registers the activity used in NAVER Login -->

<activity android:name="com.nhn.android.naverlogin.ui.OAuthLoginActivity"
android:theme="@android:style/Theme.Translucent.NoTitleBar"/>
<activity android:name="com.nhn.android.naverlogin.ui.OAuthLoginInAppBrowserActivity"
android:label="OAuth2.0 In-app"/>
Set theme of OAuthLoginActivity to "Translucent," or a black background is shown during the authorization
process.
Configure ProGuard to Exclude the Library

The NAVER Login library should not be obfuscated. In order to use ProGuard to build your application with
the NAVER Login library into an APK file, you will need to exclude the library file from ProGuard by editing
the proguard-project.txt file as described in the code below. The library file's name and folder path may
differ depending on its version or your development environment.
-libraryjars ../PORJECT_NAME/libs/naveroauthloginlib-4.x.x.jar
-keep public class com.nhn.android.naverlogin.** {
public protected *;
}
17
How to Add
This section describes how to add the NAVER Login library to your application.
Initialize
To add the library to the application, add the code below to initialize the NAVER Login instance.
mOAuthLoginModule = OAuthLogin.getInstance();
mOAuthLoginModule.init(
OAuthSampleActivity.this
,OAUTH_CLIENT_ID
,OAUTH_CLIENT_SECRET
,OAUTH_CLIENT_NAME
//,OAUTH_CALLBACK_INTENT
// OAUTH_CALLBACK_INTENT is not used since version 4.1.4.
);
OAUTH_CLIENT_ID: A client ID issued after an application was registered
OAUTH_CLIENT_SECRET: A client secret issued after an application was registered
OAUTH_CALLBACK_NAME: An application name displayed on the login screen of the NAVER App.
For a mobile web application, the application name stored in the server is displayed.
Caution
The OAUTH_CALLBACK_INTENT variable must be added and initialized to use the library with version 4.1.3 or
earlier.
Note
Even if the OAuthLogin.init() method is executed multiple time, the access token and refresh token previously stored
are not deleted. To delete them, you need to call the OAuthLogin.logout() or OAuthLogin.logoutAndDeleteToken()
method.
Log In
Login can be implemented in two ways: One is to use the OAuthLoginButton object to add the NAVER Login
button to the layout, and the other is to directly execute the OAuthLogin.startOAuthLoginActivity() method.
18
Add the NAVER Login Button with OAuthLoginButton

You can use the OAuthLoginButton object to add the NAVER Login button, as described below.
1. Add the code below to the layout file.

<com.nhn.android.naverlogin.ui.view.OAuthLoginButton
android:id="@+id/buttonOAuthLoginImg"
android:layout_width="wrap_content"
android:layout_height="50dp" />
2. Add the OAuthLoginHandler object that is to be executed when login is ended, and the code to register
the background type, to the activity.
mOAuthLoginButton = (OAuthLoginButton) findViewById(R.id.buttonOAuthLoginImg);
mOAuthLoginButton.setOAuthLoginHandler(mOAuthLoginHandler);
mOAuthLoginButton.setBgResourceId(R.drawable.img_loginbtn_usercustom);
Caution
When using the OAuthLoginButton, you must follow the brand guidelines to create the NAVER Login button. See
"NAVER Login Button Brand Guidelines."
Log in with startOAuthLoginActivity()

The OAuthLogin.startOAuthLoginActivity() method checks if there is a refresh token.
If there is a refresh token, the method attempts to refresh the access token.
If it succeeds, the OAuthLoginHandler object is called.
If it fails, the login window appears.
If there is not a refresh token, the login window appears.
The OAuthLoginHandler object is called, even when login is completed or canceled on the login window.
The following example shows how to implement login with the OAuthLogin.startOAuthLoginActivity() method.
/**
* If you pass OAuthLoginHandler as a parameter of the startOAuthLoginActivity() method or
register it to the OAuthLoginButton object, you can verify that authorization is
terminated.
*/
private OAuthLoginHandler mOAuthLoginHandler = new OAuthLoginHandler() {
@Override
public void run(boolean success) {
if (success) {
String accessToken = mOAuthLoginModule.getAccessToken(mContext);
String refreshToken = mOAuthLoginModule.getRefreshToken(mContext);
long expiresAt = mOAuthLoginModule.getExpiresAt(mContext);
String tokenType = mOAuthLoginModule.getTokenType(mContext);
mOauthAT.setText(accessToken);
mOauthRT.setText(refreshToken);
mOauthExpires.setText(String.valueOf(expiresAt));
mOauthTokenType.setText(tokenType);
mOAuthState.setText(mOAuthLoginModule.getState(mContext).toString());
} else {
String errorCode = mOAuthLoginModule.getLastErrorCode(mContext).getCode();
String errorDesc = mOAuthLoginModule.getLastErrorDesc(mContext);
Toast.makeText(mContext, "errorCode:" + errorCode
+ ", errorDesc:" + errorDesc, Toast.LENGTH_SHORT).show();
}
};
};
mOAuthLoginModule.startOauthLoginActivity(mContext, mOAuthLoginHandler);
Calling Login in a Weak Electric Field

If the login process is executed in a weak electric field, an error is returned based on the login methods as follows:
- If the user taps Back or Close to get back to the application where the user tries to perform login in a WebView
and gets an error stating, the OAuthErrorCode.CLIENT_USER_CANCEL error is returned.
19
- If call fails after a period of up to 10 seconds (as specified in the timeout) where the NAVER App or HttpClient
object is used in the login process, the OAuthErrorCode.CLIENT_ERROR_CONNECTION_ERROR error is
returned.
Get Access Tokens

If login succeeds, you can get the access token by using the OAuthLogin.getAccessToken() method.
If it fails, you can get an error code and failure reason by using the OAuthLogin.getLastErrorCode() and
OAuthLogin.getLastErrorDesc() methods.
Log Out
Call the OAuthLogin.logout() method to log out of the application.
mOAuthLoginModule.logout(mContext);
The OAuthLogin.logout() method deletes the tokens stored in the client, and the OAuthLogin.getState()
method returns the OAuthLoginState.NEED_LOGIN value.
Calling Logout in a Weak Electric Field

A weak electric field or network error does not affect the logout process because all it needs is to delete the tokens
previously stored.
Disconnect
Use the OAuthLogin.logoutAndDeleteToken() method to disconnect the NAVER ID` from the application.
Once the NAVER ID is disconnected, the tokens stored in the client and the server are all deleted. Since the
disconnecting is a network operation, you need to create a new thread with AsyncTask to call the method.
boolean isSuccessDeleteToken = mOAuthLoginInstance.logoutAndDeleteToken(mContext);
if (!isSuccessDeleteToken) {
// Even if it fails to delete the tokens from the server, those in the client are
deleted and the user is logged out.
// No additional actions can be taken because there is no token in the client.
Log.d(TAG, "errorCode:" + mOAuthLoginInstance.getLastErrorCode(mContext));
Log.d(TAG, "errorDesc:" + mOAuthLoginInstance.getLastErrorDesc(mContext));
}
You can see whether your NAVER ID is disconnected on the NAVER website for PC. Visit NAVER
(www.naver.com) and then go to My Info () > Security Settings () > Connect External
Services ( ). In the Connect External Services ( ) page, check out the
list under the External Services NAVER ( ) tab. If you cannot see NAVER Login
in the list, it means the NAVER ID has been disconnected from the application.
Disconnecting in a Weak Electric Field

The OAuthLogin.logoutAndDeleteToken() method deletes all tokens stored in both the client and the server. When a
network error occurs while the method is executed, the server call may fail and thus the tokens stored in it may not
be deleted. In this case, the NAVER ID may remain connected when you access My Info () > Security
Settings () > Connect External Services ( ) and checks out the list under the External
Services NAVER ( ) tab on the NAVER website for PC.
Make Open API Calls

Use the OAuthLogin.requestApi() method to access the limited resource, like open API, using an access
token.
20
mOAuthLoginModule.requestApi(mContext, accessToken, url);
Other Configurations
Logging
To use Android's logcat to view logging associated with NAVER Login, add the code like
AuthLoginDefine.DEVELOPER_VERSION = true. The prefix of logging that the NAVER Login library
outputs is NaverLoginOAuth.
Caution
With the option AuthLoginDefine.DEVELOPER_VERSION = true, confidential information such as tokens will also
be included in the log output. So, make sure that you set the option value to false before releasing the application.
Change UI Text
To provide UI text in multiple languages, add an element as the enum declared in the OAuthLoginString
class in the resource file, for example, res/value/naveroauthlogin_string.xml, as in the following example.
The existing UI text is replaced by the text configured in the element.
<resources>
<string name="naveroauthlogin_string_getting_token">Receiving access token..</string>
</resources>
API Reference
This section describes the main APIs necessary to add the NAVER Login library to your application.
OAuthErrorCode
An enum type class that contains the error codes related to the OAuth-based authorization process. The
error codes in this class correspond to those specified in "4.1.2.1. Error Response" of the "The OAuth 2.0
Authorization Framework" page.
The error codes are listed below, where those starting with "SERVER_ERROR_" mean errors that occur on
the server and those starting with "CLIENT_ERROR_" mean errors that occur on the application:
NONE
SERVER_ERROR_INVALID_REQUEST
SERVER_ERROR_UNAUTHORIZED_CLIENT
SERVER_ERROR_ACCESS_DENIED
SERVER_ERROR_UNSUPPORTED_RESPONSE_TYPE
SERVER_ERROR_INVALID_SCOPE
SERVER_ERROR_SERVER_ERROR
SERVER_ERROR_TEMPORARILY_UNAVAILABLE
ERROR_NO_CATAGORIZED
CLIENT_ERROR_PARSING_FAIL
CLIENT_ERROR_NO_CLIENTID
CLIENT_ERROR_NO_CLIENTSECRET
CLIENT_ERROR_NO_CLIENTNAME
CLIENT_ERROR_NO_CALLBACKURL
CLIENT_ERROR_CONNECTION_ERROR
CLIENT_ERROR_CERTIFICATION_ERROR
CLIENT_USER_CANCEL
The OAuthErrorCode class provides the methods as follows:
21
getCode()
getDesc()
getCode()
Description
Gets an error code.
Syntax
public String getCode();
Parameters
None
Return Value
An error code
Code Example
None
getDesc()
Description
Gets an error description.
Syntax
public String getDesc()
Parameters
None
Return Value
An error description
Code Example
None
OAuthLogin
A class that executes all operations necessary for NAVER Login.
The OAuthLogin class provides the methods as follows:
getAccessToken()
getExpiresAt()
getInstance()
getLastErrorCode()
getLastErrorDesc()
getRefreshToken()
getState()
getTokenType()
getVersion()
init()
22
logout()
logoutAndDeleteToken()
refreshAccessToken()
requestApi()
startOAuthLoginActivity()
getAccessToken()
Description
Gets an access token that is obtained as a result of login.
Syntax
public String getAccessToken(Context context);
Parameters
Parameter Type Required Description

context Context Y A context value used to access the shared preference
Return Value
An access token
Code Example
String at = mOAuthLoginInstance.getAccessToken(mContext);
return mOAuthLoginInstance.requestApi(mContext, at, url);
getExpiresAt()
Description
Gets expiration time of the access token.
Syntax
public long getExpiresAt(Context context);
Parameters

Return Value
Timestamp (in seconds)
Code Example
Log.d(TAG, "DEBUG expires at : " + OAuthLogin.getInstance().getExpiresAt(mContext));
getInstance()
Description
Gets a NAVER Login instance (singleton instance).
Syntax
public static OAuthLogin getInstance();
23
Parameters
None
Return Value
OAuthLogin object. Returns a new OAuthLogin object created with a singleton pattern or the one previously
created.
Code Example
mOAuthLoginInstance = OAuthLogin.getInstance();
getLastErrorCode()
Description
Gets an error code of the last login attempt that failed.
Syntax
public OAuthErrorCode getLastErrorCode(Context context);
Parameters

Return Value
An error code in the OAuthErrorCode type. For more information on the OAuthErrorCode class, see
"OAuthErrorCode."
Code Example
String errorCode = OAuthLogin.getInstance().getLastErrorCode(mContext).getCode();
String errorDesc = OAuthLogin.getInstance().getLastErrorDesc(mContext);
Toast.makeText(mContext, "errorCode:" + errorCode + ", errorDesc:" + errorDesc,
Toast.LENGTH_SHORT).show();
getLastErrorDesc()
Description
Gets an error message of the last login attempt that failed.
Syntax
public String getLastErrorDesc(Context context);
Parameters

Return Value
An error message
Code Example
String errorCode = OAuthLogin.getInstance().getLastErrorCode(mContext).getCode();
Toast.makeText(mContext, "errorCode:" + errorCode + ", errorDesc:" + errorDesc,
Toast.LENGTH_SHORT).show();
24
getRefreshToken()
Description
Gets a refresh token that is obtained as a result of login.
Syntax
public String getRefreshToken();
Parameters
None
Return Value
A refresh token
Code Example
Log.d(TAG, "DEBUG refresh token : " + OAuthLogin.getInstance().getRefreshToken(mContext));
getState()
Description
Gets the current state of the NAVER Login instance.
Syntax
public OAuthLoginState getState(Context context)
Parameters

Return Value
An error message in the OAuthLoginState type (e.g.: OAuthLoginState.NEED_INIT,
OAuthLoginState.NEED_LOGIN, OAuthLoginState.OK). For more information on the OAuthLoginState class,
see "OAuthLoginState."
Code Example
if (OAuthLoginState.OK.equals(OAuthLogin.getInstance().getState(this))) {
// The login button is not shown while the access token exists.
} else {
showNaverLoginButton();
}
getTokenType()
Description
Gets a token type obtained as a result of login.
Syntax
public String getTokenType(Context context);
Parameters

25
Return Value
A token type
Code Example
Log.d(TAG, "DEBUG token type : " + OAuthLogin.getInstance().getTokenType(mContext));
getVersion()
Description
Gets the NAVER Login library's version.
Syntax
public static String getVersion ();
Parameters
None
Return Value
A string in the form of "4.x.x"
Code Example
None
init()
Description
Sets client information in the NAVER Login instance.
Syntax
public void init(Context context, String clientId, String clientSecret, String clientName,
String callbackIntent);
Parameters

clientId String Y A client ID issued when an application was registered
clientSecret String Y A client secret issued when an application was registered
clientName String Y An application name displayed on the login screen of the
NAVER App. For a mobile web application, the application
name stored in the server is displayed.
callbackIntent String Y Deprecated (no longer used since version 4.1.4)
An intent value configured when an application was registered
Return Value
None
Code Example
mOAuthLoginInstance = OAuthLogin.getInstance();
26
logout()
Description
Deletes the access token and refresh token stored in the client.
Syntax
public void logout(Context context);
Parameters

Return Value
None
Code Example
case R.id.buttonOAuthLogout: {
OAuthLogin.getInstance().logout(mContext);
updateView();
break;
}
logoutAndDeleteToken()
Description
Disconnects the application form the NAVER ID by deleting the access tokens and refresh tokens stored in
both the client and the server.
Syntax
public boolean logoutAndDeleteToken();
Parameters
None
Return Value
Whether disconnection succeeds or not
True if it succeeds
False if fails as the tokens in the client are successfully deleted but those in the server are not done
Code Example
private class DeleteTokenTask extends AsyncTask<Void, Void, Void> {
@Override
protected Void doInBackground(Void... params) {
boolean isSuccessDeleteToken = mOAuthLoginInstance.logoutAndDeleteToken(mContext);
if (!isSuccessDeleteToken) {
// Even if it fails to delete the tokens in the server, those in the client are
deleted and the user is logged out.
// No additional actions can be taken because there is no token in the client.
Log.d(TAG, "errorCode:" + mOAuthLoginInstance.getLastErrorCode(mContext));
Log.d(TAG, "errorDesc:" + mOAuthLoginInstance.getLastErrorDesc(mContext));
}
return null;
}
protected void onPostExecute(Void v) {
27
updateView();
}
}
refreshAccessToken()
Description
Renews an access token with the refresh token stored in the client and returns the refreshed access token.
Syntax
public OAuthLogin refreshAccessToken(Context context);
Parameters

Return Value
An access token if it succeeds
Null if it fails
Code Example
private class RefreshTokenTask extends AsyncTask<Void, Void, String> {
@Override
protected String doInBackground(Void... params) {
return OAuthLogin.getInstance().refreshAccessToken(mContext);
}
protected void onPostExecute(String res) {

updateView();
}
}
requestApi()
Description
Requests an API with the GET method. It returns a content body when successful.
Syntax
public String requestApi(Context context, String accessToken, String url);
Parameters

Return Value
The result of an API call
A content body if the API call succeeds
Null if the API call fails
Code Example
private class RequestApiTask extends AsyncTask<Void, Void, String>{
@Override
protected void onPreExecute() {
mApiResultText.setText((String) "");
}
28
@Override
protected String doInBackground(Void... params) {
String url = "https://apis.naver.com/nidlogin/nid/getHashId_v2.xml";
String at = mOAuthLoginInstance.getAccessToken(mContext);
return mOAuthLoginInstance.requestApi(mContext, at, url);
}
protected void onPostExecute(String content) {

mApiResultText.setText((String) content);
}
}
startOAuthLoginActivity()
Description
Gets an access token and refresh token if login succeeds.
Syntax
public void startOauthLoginActivity(Activity activity, OAuthLoginCallback
oauthLoginCallback);
Parameters

activity Activity Y A context of the activity that executes the method
oauthLoginCallback OAuthLoginCallback Y A callback method that gets a result of login
Return Value
None
Remarks
If the API call fails (authorization failure) because of the invalid access token, use this method to get a new
access token and call the API again. However, you should use it only when the API authorization fails.
When you call the startOAuthLoginActivity() method in case of other failures such as a server error, the API
call may be repeated over and over again. To prevent such cases, you can add logic that limits the number
of API call retries.
Code Example
OAuthLogin.getInstance().startOauthLoginActivity(OAuthSampleActivity.this,
mOAuthLoginHandler);
OAuthLoginButton
A class that creates the NAVER Login button object.
The OAuthLoginButton class provides the methods as follows:
setBgResourceId()
setOAuthLoginHandler()
setBgResourceId()
Description
Sets an image as a background image of the button. If it is not specified, the default image is used.
Syntax
public void setBgResourceId(int resId);
29
Parameters

activity Activity Y A context of the activity that executes the method
resId int Y An ID of the image resource to be used instead of the default
background image
Return Value
None
Code Example
mOAuthLoginButton.setBgResourceId(R.drawable.img_naver_login_button);
setOAuthLoginHandler()
Description
Sets a handler that receives the login result when the user is logged in by tapping the NAVER Login button.
Syntax
public void setOAuthLoginHandler(OAuthLoginHandler oauthLoginHandler);
Parameters

oauthLoginHandler OAuthLoginHandler Y The handler to be executed when a login request is
completed by tapping the login button. For more
information on the handler, see
"OAuthLoginHandler."
Return Value
None
Code Example
mOAuthLoginButton = (OAuthLoginButton) findViewById(R.id.buttonOAuthLoginImg);
mOAuthLoginButton.setOAuthLoginHandler(mOAuthLoginHandler);
OAuthLoginHandler
A callback class that notifies that the OAuth-based authorization request ends.
The OAuthLoginHandler class provides the method as follows:
run()
run()
Description
Implements the instance of the the OAuthLoginHandler class and pass the created instance as a parameter
of the following two methods. Then, you can verify that the request ends using the run() method of the
instance.
OAuthLogin.startOAuthLoginActivity()
OAuthLoginButton.setOAuthLoginHandler()
30
Since the data obtained by calling the methods above is not directly passed to the OAuthLoginHandler class,
you can use the OAuthLogin.getAccessToken(), OAuthLogin.getRefreshToken() or
OAuthLogin.getLastErrorCode() method to verify it.
Syntax
public abstract void run(boolean success);
Parameters

success boolean Y Whether authorization succeeds or not
True if the OAuth 2.0-based authorization succeeds and an
access token and refresh token are successfully issued
False if the OAuth 2.0-based authorization fails, or if an
access token or refresh token is not issued because of
other reasons
Return Value
None
Code Example
mOAuthLoginHandler = new OAuthLoginHandler() {
@Override
public void run(boolean success) {
if (success) {
// Add the code to be executed when "NAVER Login" succeeds.
} else {
String errorCode = OAuthLogin.getInstance()
.getLastErrorCode(mContext).getCode();
Toast.makeText(mContext, "errorCode:" + errorCode
+ ", errorDesc:" + errorDesc, Toast.LENGTH_SHORT).show();
}
};
};
mOAuthLoginInstance.startOauthLoginActivity(OAuthSampleActivity.this, mOAuthLoginHandler);
OAuthLoginState
A class that returns the NAVER Login instance's current login state.
The NAVER Login instance's states are described below:
NEED_INIT: It needs initialization.
NEED_LOGIN: It needs login; no access token and refresh token exist.
NEED_REFRESH_TOKEN: It needs to refresh the token; there is no access token but a refresh token.
OK: An access token exists. However, this value may not be valid on the server if the NAVER ID is
disconnected. Check out My Info () > Security Settings () > Connect External
Services ( ) on the NAVER website (www.naver.com) for PC.
31
NAVER Login for iOS
NAVER Login for iOS

This chapter describes how to implement the NAVER Login features for iOS.
The NAVER Login library for iOS, written in Objective-C, enables you to easily add the login, logout, and
token management features to your application.
To download the library, see "NAVER Login Library for iOS."
Preparations
This section describes how to make preparations to add NAVER Login to your application and how to set up
the development environment.
Requirements
Environmental requirements to use the NAVER Login library for iOS are as follows
SDK: iOS SDK 5.1.1 or later (support for 64-bit architecture)
IDE: Xcode 6.0 or later
Note
Automatic Reference Counting (ARC) is applied to this library.
Library Files
The configuration library for iOS consists of two folders as follows:
thirdPartyModule folder
NaverThirdPartyLoginConnection.h: Declares the interface API of the NAVER Login library.
NaverThirdPartyConstantsForApp.h: Configures constant values for an application such as a client
ID, client secret, application name, and application URL scheme.
NLoginThirdPartyOAuth20InAppBrowserViewController.h: Configures the in-app browser header for
the NAVER Login authorization.
NLoginThirdPartyOAuth20InAppBrowserViewController.m: Implements the in-app browser for the
NAVER Library authorization.
libNaverLogin.a: Configures a static library for NAVER Login.
Resources folder
login_*.png: Image files used in the in-app browser
(NLoginThirdPartyOAuth20InAppBrowserViewController.*)
Development Environment Setup

Unzip the downloaded file and then configure the environment as follows:
1. Copy the thirdPartyModule and Resources folders and then add them to your project.
2. Specify the parent path of a sample project folder which has been added to Header Search Paths
under Build Settings in Xcode.
3. To use a static library, add an -ObjC all_load option in Other Linker Flags under Build Settings.
33
OAuth 2.0 Authorization Flow

When the application uses OAuth 2.0 to access NAVER Login, the authorization flow, such as requesting
the process, obtaining authorization codes and access tokens, and calling open APIs, among the application,
NAVER APP, and NAVER server is as follows:
Getting Authorization Codes
When the user is logged into your application with the NAVER ID, the application requests the OAuth 2.0
authorization to the NAVER App. The NAVER App gets an authorization code via the Quick Sing-in process
and returns the obtained code to the application through the URL scheme of the application.
If the NAVER App is not installed, the in-app browser is used to perform the process. After the process, the
authorization code will be returned to the application through the URL scheme of the application. The
application determines whether it succeeds or not using the authorization code and prepares values
required for calling open APIs.
34
NAVER Login for iOS
Getting Access Tokens
If getting an authorization code succeeds, the NAVER Login library will automatically call the NAVER server
to get an access token and refresh token.
As a result of calling the server, the NAVER Login library gets a value to call a delegate and the application
determines whether it succeeds or not. If it succeeds, an access token is generated so that an open API call
can be made.
Making Open API Calls
In order to make an open API call, the application should generate an authorization header string using the
access token. This configured string will be sent the NAVER server with it included in the HTTP header field.
How to Add
This section describes how to add the NAVER Login library to your application.
Basic Configurations
Configure Authorization Method

You need to configure the authorization method used for NAVER Login. There are two ways to implement
authorization for iOS: One is to enable authorization by activating the NAVER App and the other is to enable
authorization by executing an in-app browser in the application.
35
If both methods are enabled, the process to check if the NAVER APP is installed on the user's device is
performed during the login process. If the NAVER APP is installed, the NAVER App is used for authorization;
otherwise, an in-app browser is used.
To enable authorization by activating the NAVER App, add the code below to the application delegate.
[[NaverThirdPartyLoginConnection getSharedInstance] setIsNaverAppOauthEnable:YES];
To enable authorization by executing an in-app browser, add the code below to the application delegate.
[[NaverThirdPartyLoginConnection getSharedInstance] setIsInAppOauthEnable:YES];
Configure Screen Orientation

To enable authorization in portrait mode only, add the code below.
[[NaverThirdPartyLoginConnection getSharedInstance] setOnlyPortraitSupportInIphone:YES];
Configure the OK Button of In-App Browser

To allow the OK button language of an in-app browser to be changed based on the iOS setting, add a string
"Localized resources can be mixed" as a key in the {project name}-info.plist file (e.g.: NaverOAuthSample-
info.plist) and specify its value to YES.
Add NAVER Login

Enter the appropriate values for your application in the NaverThirdPartyConstantsForApp.h file, which is
used to configure constants for the NAVER Login library.
...
#define kUrlSampleAppUrlScheme @"thirdparty20samplegame" // URL scheme to receive the
callback
#define kConsumerKey @"jyvqXeaVOVmV" // client ID to be used in your application
#define kConsumerSecret @"527300A0_COq1_XV33cf" // client secret to be used in your
application
#define kServiceAppName @"Log in with NAVER" // application name
The following table shows the properties to be configured.
Property Description
kUrlSampleAppUrlScheme A URL scheme entered when an application was registered; it is used to receive
the callback after OAuth 2.0-based authorization is completed.
kConsumerKey A client ID issued after an application was registered
kConsumerSecret A client secret issued after an application was registered
kServiceAppName An application name
Configure the NaverThirdPartyLoginConnection object in the application delegate as described below so

that the constant values configured in the NaverThirdPartyConstantsForApp.h file can be used in the
application.
#import "NaverThirdPartyConstantsForApp.h"
- (BOOL)application:(UIApplication *)application
didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
... omitted ...
36
NAVER Login for iOS
NaverThirdPartyLoginConnection *thirdConn = [NaverThirdPartyLoginConnection

getSharedInstance];
[thirdConn setServiceUrlScheme:kServiceAppUrlScheme];
[thirdConn setConsumerKey:kConsumerKey];
[thirdConn setConsumerSecret:kConsumerSecret];
[thirdConn setAppName:kServiceAppName];
... omitted ...
return YES;
}
The following table shows the properties used in the NaverThirdPartyLoginConnection object.
Property Description
serviceUrlScheme A URL scheme receiving the callback after OAuth 2.0-based OAuth 2.0-based
authorization is completed; entered when an application was registered.
consumerKey A client ID issued after an application was registered; used to request an access token.
consumerSecret A client secret issued after an application was registered; used to request an access
token.
appName An application name
Log In
Create the NaverThirdPartyLoginConnection instance and call the API below to request an access token.
- (void) requestThirdPartyLogin;
The library module calls the NAVER App using the Quick Sign-in scheme when the above API calls. If the
NAVER App is not installed, a webpage is opened in the in-app browser.
// SampleOAuthViewController.m
- (void) requestThirdpartyLogin {
// Request authorization to the NaverThirdPartyLoginConnection instance.
NaverThirdPartyLoginConnection *tlogin = [NaverThirdPartyLoginConnection
getSharedInstance];
tlogin.delegate = self;
[tlogin requestThirdPartyLogin];
}
Calling Login in a Weak Electric Field

- If login succeeds, the - (void)oauth20ConnectionDidFinishRequestACTokenWithAuthCode; delegate is called
and you can get the access token with the accessToken method.
- If it fails, the - (void)oauth20Connection:(NaverThirdPartyLoginConnection *)oauthConnection
didFailWithError:(NSError *)error; delegate is called and you can get an error code and message with the error
variable.
Get Authorization Codes and Access Tokens

After OAuth 2.0-based authorization is completed on the NAVER App, you can get the authorization code
through the URL scheme of an application as follows:
{URL scheme of
application}://thirdPartyLoginResult?version=2&code=0&authCode={authorization code}
The application checks that the URL value received is the same as the URL scheme passed as a parameter
and then sends it (URL value) to the NAVER Login library. Call the API below in the application to send the
result value received from the NAVER App to the NAVER Login library.
- (THIRDPARTYLOGIN_RECEIVE_TYPE) receiveAccessToken:(NSURL *) url
The receiveAccessToken method of the NAVER Login library returns the state value of a result received
from the NAVER App. The application should process the return value as appropriate for each state.
37
The following table shows the state values of vTHIRDPARTYLOGIN_RECEIVE_TYPE.
State Value Description

SUCCESS The value is successfully returned.
The library calls the NAVER server to get an access token and refresh token
automatically through an authorization code.
PARAMETERNOTSET The parameter is not set.
CANCELBYUSER Login is cancelled by user.
NAVERAPPNOTINSTALLED Authorization is not enabled for an in-app browser and the NAVER App is
not installed. The library induces users to install the NAVER App by asking
them to visit the App Store.
NAVERAPPVERSIONINVALID Authorization is not enabled for an in-app browser and the version of the
NAVER App installed is not valid. The library induces users to update the
NAVER App by asking them to visit the App Store.
OAUTHMETHODNOTSET Authorization is not enabled for both an in-app browser and the NAVER App.
To use NAVER Login, you should enable either of them. For information on
enabling authorization, see "Configure Authorization Method."
// NaverOAuthSampleAppDelegate.m
- (BOOL)application:(UIApplication *)application openURL:(NSURL *)url
sourceApplication:(NSString *)sourceApplication annotation:(id)annotation {
if ([[url scheme] isEqualToString:@"thirdpartysamplegame"]) {
if ([[url host] isEqualToString:@"thirdPartyLoginResult"]) {
NaverThirdPartyLoginConnection *thirdConnection =
[NaverThirdPartyLoginConnection getSharedInstance];
THIRDPARTYLOGIN_RECEIVE_TYPE resultType = [thirdConnection
receiveAccessToken:url];
if (SUCCESS == resultType) {
NSLog(@"Getting auth code from NaverApp success!");
} else {
// The application handles an error based on resultType.
}
}
return YES;
}
return NO;
}
Refresh Access Tokens

The access token is valid only for 3,600 seconds (one hour) after it is issued. You should renew an access
token using a refresh token after it expires. Use the method below to validate an access token.
- (BOOL) isValidAccessTokenExpireTimeNow;
Return Value Description

YES The access token exists and the session remains valid.
NO The access token does not exist or the session expires.
Use the method below to renew an access token.

- (void)requestAccessTokenWithRefreshToken;
Call the delegate below after calling the method.
@protocol NaverThirdPartyLoginConnectionDelegate <NSObject>
// If it succeeds, the delegate below is called.
- (void)oauth20ConnectionDidFinishRequestACTokenWithRefreshToken;
// If it fails, the delegate below is called.
- (void)oauth20Connection:(NaverThirdPartyLoginConnection *)oauthConnection
didFailWithError:(NSError *)error;
The following example shows how to renew an access token using the method.
38
NAVER Login for iOS
- (void) requestAccessTokenWithRefreshToken {
NaverThirdPartyLoginConnection *_tlogin = [NaverThirdPartyLoginConnection
getSharedInstance];
_tlogin.delegate = self;
[_tlogin requestAccessTokenWithRefreshToken];
}
Log Out
After the user is logged out of an application, token information of NAVER Login stored in the application
should be deleted. Use the method below to delete the token information.
- (void)resetToken;
Calling Logout in a Weak Electric Field

A weak electric field or network error does not affect the logout process because all it needs is to delete the tokens
previously stored.
Disconnect
If the user disconnects the NAVER ID from the application, information stored in the application and the
NAVER server should be deleted. Use the method below to request disconnection.
- (void)requestDeleteToken;
Call the delegate below after calling the method.
@protocol NaverThirdPartyLoginConnectionDelegate <NSObject>
// If it succeeds, the delegate below is called.
- (void)oauth20ConnectionDidFinishDeleteToken;// If it fails, the delegate below is
called.
// If it fails, the delegate below is called. (Even though it fails to call the server,
the token stored in the application is deleted.)
- (void)oauth20Connection:(NaverThirdPartyLoginConnection *)oauthConnection
didFailWithError:(NSError *)error;
The following example shows how to disconnect the NAVER ID using the method.
- (void) requestDeleteToken {
getSharedInstance];
[_tlogin requestDeleteToken];
}
You can see whether your NAVER ID is disconnected on the NAVER website for PC. Visit NAVER
(www.naver.com) and then go to My Info () > Security Settings () > Connect External
Services ( ). In the Connect External Services ( ) page, check out the
list under the External Services NAVER ( ) tab. If you cannot see NAVER Login
in the list, it means the NAVER ID has been disconnected from the application.
Disconnecting in a Weak Electric Field

The requestDeleteToken method deletes all tokens stored in both the client and the server. When a network error
occurs while the method is executed, the server call may fail and thus the tokens stored in it may not be deleted.
Make Open API Calls

You can implement the feature to access the limited resource like open API, using an access token.
Specify the OAuth bearer token in the HTTP request header as follows:
39
NSString *urlString = @"https://apis.naver.com/nidlogin/nid/getUserProfile.xml"; // User

profile call API URL
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL
URLWithString:urlString]];
NSString *authValue = [NSString stringWithFormat:@"Bearer %@",
_thirdPartyLoginConn.accessToken];
[urlRequest setValue:authValue forHTTPHeaderField
API Reference
NaverThirdPartyLoginConnection
The basic class of NAVER Login.
The NaverThirdPartyLoginConnection class provides the methods as follows:
(NSString *)accessToken
(NSDate *)accessTokenExpireDate
(NaverThirdPartyConnection *)getSharedInstance
(NSString *)getVersion
(BOOL)isValidAccessTokenExpireTimeNow
(THIRDPARTYLOGIN_RECEIVE_TYPE)receiveAccessToken: (NSURL *)url
(NSString *)refreshToken
(void)requestAccessTokenWithRefreshToken
(void)requestDeleteToken
(void)requestThirdPartyLogin
(void)resetToken
(void)setAppName:(NSString *)appName
(void)setConsumerKey:(NSString *)consumerKey
(void)setConsumerSecret:(NSString *)consumerSecret
(void)setServiceUrlScheme:(NSString *)serviceUrlScheme
(NSString *)tokenType
(NSString *)accessToken
Description
Gets an access token that is obtained from the NAVER server as a result of login.
Syntax
@property (nonatomic, strong) NSString *accessToken;
Parameters
None
Return Value
An access token
Code Example
NSString *accessToken = [[NaverThirdPartyLoginConnection getSharedInstance] accessToken];
(NSDate *)accessTokenExpireDate
Description
Gets expiration time of the access token.
40
NAVER Login for iOS
Syntax
@property (nonatomic, string) accessTokenExpireDate;
Parameters
None
Return Value
Expiration time of the access token (NSDate type)
Code Example
NSDate *accessTokenExpireDate = [[NaverThirdPartyLoginConnection getSharedInstance]
accessTokenExpireDate];
(NaverThirdPartyConnection *)getSharedInstance
Description
Gets a NAVER Login instance (singleton instance).
Syntax
+ (NaverThirdPartyConnection *) getSharedInstance;
Parameters
None
Return Value
The NaverThirdPartyConnection object. Returns a new NaverThirdPartyConnection object created with a
singleton pattern or the one previously created.
Code Example
NaverThirdPartyConneciton *thirdPartyConn = [NaverThirdPartyConnection getSharedInstance];
(NSString *)getVersion
Description
Get the NAVER Login library's version.
Syntax
- (NSString *)getVersion;
Parameters
None
Return Value
The NAVER Login library's version; a string in the form of @"4.x.x."
Code Example
None
41
(BOOL)isValidAccessTokenExpireTimeNow
Description
Checks whether the access token exists and the session remains valid. Note that it cannot be checked if the
session expires in the server.
Syntax
- (BOOL) isValidAccessTokenExpireTimeNow;
Parameters
None
Return Value
Whether the access token is valid or not
YES if the access token exists and the session remains valid
NO if the access token does not exist or the session expires
Code Example
if ( [ [NaverThirdPartyLoginConnection getSharedInstance]
isValidAccessTokenExpireTimeNow] ) {
// API call
} else {
// Get an access token using a refresh token after checking the existence of the
refresh token or process the NAVER login again.
}
(THIRDPARTYLOGIN_RECEIVE_TYPE)receiveAccessToken: (NSURL *)url
Description
Handles the URL scheme that is obtained as a result of login.
The receiveAccessToken method of the NAVER Login library receiving the URL returns the state value
received from the NAVER App. The application should process the return value as appropriate for each
state.
It should be called in - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url
sourceApplication:(NSString *)sourceApplication annotation:(id)annotation; which is one of application
delegate methods.
Syntax
- (THIRDPARTYLOGIN_RECEIVE_TYPE)receiveAccessToken:(NSURL *)url;
Parameters

url NSURL Y The URL scheme information returned
42
NAVER Login for iOS
Return Value
THIRDPARTYLOGIN_RECEIVE_TYPE; the state value received from the NAVER App.
The following table shows the state values of THIRDPARTYLOGIN_RECEIVE_TYPE.
Status Value Description

SUCCESS The value is successfully returned.
The library calls the NAVER server to get an access token and refresh
token automatically through an authorization code.
PARAMETERNOTSET The parameter is not set.
CANCELBYUSER Login is cancelled by user.
NAVERAPPNOTINSTALLED Authorization is not enabled for an in-app browser and the NAVER
App is not installed. The library induces users to install the NAVER
App by asking them to visit the App Store.
NAVERAPPVERSIONINVALID Authorization is not enabled for an in-app browser and the version of
the NAVER APP is not valid. The library induces users to update the
NAVER APP by asking them to visit the App Store.
OAUTHMETHODNOTSET Authorization is not enabled for both an in-app browser and the
NAVER APP. To use NAVER Login, you should enable either of them.
For information on enabling authorization, see "Configure
Authorization Method."
Code Example
- (BOOL)application:(UIApplication *)application openURL:(NSURL *)url
sourceApplication:(NSString *)sourceApplication annotation:(id)annotation;
if ([[url scheme] isEqualToString:kServiceAppUrlScheme]) {
if ([[url host] isEqualToString:kCheckResultPage]) {
// Pass the URL value received from the NAVER App to the
NaverThirdPartyLoginConnection instance.
NaverThirdPartyLoginConnection *thirdConnection =
[NaverThirdPartyLoginConnection getSharedInstance];
THIRDPARTYLOGIN_RECEIVE_TYPE resultType = [thirdConnection
receiveAccessToken:url];
if (SUCCESS == resultType) {
NSLog(@"Getting auth code from NaverApp success!");
} else {
// The application handles an error based on resultType.
}
}
return YES;
}
return NO;
}
(NSString *)refreshToken
Description
Gets a refresh token that is obtained from the NAVER server as a result of login.
Syntax
@property (nonatomic, string) NSString * refreshToken;
Parameters
None
Return Value
A refresh token
43
Code Example
NSString *refreshToken = [[NaverThirdPartyLoginConnection getSharedInstance]
refreshToken];
(void)requestAccessTokenWithRefreshToken
Description
Renews an access token with the refresh token stored in the client.
Syntax
- (void) requestAccessTokenWithRefreshToken;
Parameters
None
Return Value
None
Code Example
getSharedInstance];
[_tlogin requestAccessTokenWithRefreshToken];
(void)requestDeleteToken
Description
Deletes the access token and refresh token stored in the client and the server.
Syntax
- (void)requestDeleteToken;
Parameters
None
Return Value
None
Code Example
getSharedInstance];
[_tlogin requestDeleteToken];
(void)requestThirdPartyLogin
Description
Requests the NAVER authorization process.
Syntax
-(void)requestThirdPartyLogin;
Parameters
None
44
NAVER Login for iOS
Return Value
None
Code Example
NaverThirdPartyLoginConnection *tlogin = [NaverThirdPartyLoginConnection
getSharedInstance];
tlogin.delegate = self;
[tlogin requestThirdPartyLogin];
(void)resetToken
Description
Deletes the access token and refresh token stored in the client.
Syntax
- (void)resetToken;
Parameters
None
Return Value
None
Code Example
[[NaverThirdPartyLoginConnection getSharedInstance] resetToken];
(void)setAppName:(NSString *)appName
Description
Sets an application name to be displayed on the login screen of the NAVER APP. For a mobile web
application, the application name stored in the server is displayed.
Syntax
- (void) setAppName:(NSString *)appName;
Parameters

appNam NSString Y An application name entered when an application was
registered
Return Value
None
Code Example
[[NaverThirdPartyConnection getSharedInstance] setAppName:@"Log in with NAVER "];
(void)setConsumerKey:(NSString *)consumerKey
Description
Sets a client ID to be used for the NAVER authorization process.
Syntax
- (void) setConsumerKey:(NSString *)consumerKey;
45
Parameters

consumerKey NSString Y A client ID issued after an application was registered
Return Value
None
Code Example
[[NaverThirdPartyConnection getSharedInstance] setConsumerKey:@"abcdefg"];
(void)setConsumerSecret:(NSString *)consumerSecret
Description
Sets a client secret to be used for the NAVER authorization process.
Syntax
- (void) setConsumerSecret:(NSString *)consumerSecret;
Parameters

consumerSecret NSString Y A client secret issued after an application was registered
Return Value
None
Code Example
[[NaverThirdPartyConnection getSharedInstance] setConsumerSecret:@"abcdefg"];
(void)setServiceUrlScheme:(NSString *)serviceUrlScheme
Description
Sets the URL scheme to be returned after the NAVER authorization process is completed on the NAVER
App.
Syntax
- (void)setServiceUrlScheme:(NSString *)serviceUrlScheme;
Parameters

serviceUrlScheme NSString Y A URL scheme entered when an application was
registered
Return Value
None
Code Example
[[NaverThirdPartyConnection getSharedInstance] setServiceUrlScheme:@"appurlscheme"];
46
NAVER Login for iOS
(NSString *)tokenType
Description
Gets a token type.
Syntax
@property (nonatomic, string) (NSString *)tokenType;
Parameters
None
Return Value
A token type
Code Example
NSString *tokenType = [[NaverThirdPartyLoginConnection getSharedInstance] tokenType];
47
NAVER Login for the Web

This chapter describes how to implement the NAVER Login features for the Web with PHP and Java
(server-side languages) or JavaScript (front-end language).
NAVER Login with PHP and Java

In a web application, you can use the NAVER Login features through calling the API requesting an access
token and getting a response. Here, we will explain how to implement NAVER Login to a web application
using PHP and Java, two most commonly used server-side languages.
For information on NAVER Login APIs, see "API Reference."
Generate State Tokens to Prevent CSRF Attacks

A web application is vulnerable to CSRF (cross-site request forgery) attacks because it is using a browser.
To protect against CSRF attacks, you will need a unique session token that can keep the state between an
application and the user. With this token, it can be confirmed whether it is normally requested by the user or
not, through verifying this token with the session token that will be received later as an authorization result.
This session token is called a state token; it should be maintained during the NAVER Login process and it
must have a unique value.
The code examples below show how to generate a state token. The generated token should be stored in the
session or separate storage.
In PHP
// Generate a state token to prevent CSRF attacks.
// The generated state token should be stored in the session for further verification.
function generate_state() {
$mt = microtime();
$rand = mt_rand();
return md5($mt . $rand);
}
// Generate random strings to be used as a state token.

$state = generate_state();
// Store the generated state token in the session or separate storage.
$session->set_state($state);
return $state;
In Java
// Generate a state token to prevent CSRF attacks.
// The generated state token should be stored in the session for further verification.
public String generateState()

{
SecureRandom random = new SecureRandom();
return new BigInteger(130, random).toString(32);
}
// Generate random strings to be used as a state token.

String state = generateState();
// Store the generated state token in the session or separate storage.
request.session().attribute("state", state);
return state;
49
Make Authorization Requests with NAVER Login

After you successfully generate a state token, you should make an authorization request that calls the
NAVER login page. The format combines the authorization URL provided by NAVER with a client ID and
state token. During the process, data is transmitted over HTTPS and the format is as follows:
Authorization Request Format

https://nid.naver.com/oauth2.0/authorize?client_id={client
ID}&response_type=code&redirect_uri={callback URL registered in the NAVER Login
Developers site(URL encoded)}&state={state token}
The following list describes the parameters of this authorization request.
client_id: A client ID issued after an application was registered
response_type: A value indicating the authorization process. Its value is fixed to code.
redirect_uri: A callback URL (URL encoded) that receives the authorization result of NAVER login. A
value entered in Callback URL when an application was registered.
state: A state token generated by an application
Authentication and Authorization with NAVER

When a web page is moved or an authentication request based on URL is sent in a new window, the
NAVER login page is opened in a browser. In the login page, if the user enters the NAVER ID and password
and the login succeeds, then authentication verifying a user's identify is completed.
PC Web Login (left) & Mobile Web Login (right)

After authentication is completed, the user will be redirected to the page asking for permissions to access
his/her information. If the user agrees to the terms, the authorization information will be transferred to a
callback URL specified in the redirect_uri parameter.
50
PC Web Permission Request (left) & Mobile Web Permission Request (right)
Verify State Tokens

After the user successfully completes the authorization, the information is sent to the pre-configured callback
URL. The response format is a query string as follows:
Authorization Information Response Format

{callback URL registered in the NAVER Login Developers site}?state={state
token}&code={authorization code}
The following list describes the parameters of this authorization information.
state: A state token received as a callback. This token must match what an application generated.
code: An authorization code received as a callback. Used to issue an access token.
First, you must ensure that the callback request received is normally made. To make it sure, you should
check whether the state parameter value received matches the state token which was generated in the first
place. If they do not match, it is likely that the session is not valid.
The code examples below show how to verify the state tokens.
In PHP
// // Verify a state token to prevent CSRF attacks.
// A state token stored in the session or separate storage should match the state
parameter value passed as a callback.
// Get the state parameter value from the callback response.

$state = $request->get_parameter(state);
// Get a state token from the session or separate storage.
$stored_state = $session->get_state();
if( $state != $stored_state ) {

return RESPONSE_UNAUTHORIZED; //401 unauthorized
} else {
return RESPONSE_SUCCESS; //200 success
}
In Java
// Verify a state token to prevent CSRF attacks.
// A state token stored in the session or separate storage should match a value of the
state parameter passed as a callback.
// Get the state parameter value from the callback response.

String state = request.queryParams(state);
51
// Get a state token from the session or separate storage.

String storedState = request.session().attribute(state);
if( !state.euals( storedState ) ) {

return RESPONSE_UNAUTHORIZED; //401 unauthorized
} else {
Return RESPONSE_SUCCESS; //200 success
}
Get Access Tokens

After you complete the verification process, you should get an access token, the eventual value for
authorization, using the authorization code received. The authorization code consists of random letters like
IpoXcXsQxoYNseP3. It can be used only once when issuing an access token; the used code is no longer
available. During the process, data is transmitted between servers over HTTPS and the format is as follows:
Request Format for Getting Access Tokens

https://nid.naver.com/oauth2.0/token?client_id={client ID}&client_secret={client
secret}&grant_type=authorization_code&state={state token}&code={authorization code}
The following list describes the parameters of issuing the access token.
client_secret: A client secret issued after an application was registered
grant_type: A value indicating the authorization type. Its value is fixed to authorization_code.
state: A state token that an application generated
code: An authorization code received as a callback
When you successfully get the access token, you will receive a result with the code below, including the
access token and refresh token in JSON. The access token is valid for the period specified in the
expires_in property. You should renew an access token using the refresh token after it expires.
{
"access_token": "AAAAQosjWDJieBiQZc3to9YQp6HDLvrmyKC+6+iZ3gq7qrkqf50ljZC+Lgoqrg",
"refresh_token": "c8ceMEJisO4Se7uGisHoX0f5JEii7JnipglQipkOn5Zp3tyP7dHQoP0zNKHUq2gY",
"token_type": "bearer",
"expires_in": "3600"
}
Get NAVER User Profile

You can get the profile information of the NAVER users using the access token. A user profile is made up of
user's identification information such as an ID and a nickname and user information like an email address.
Request Format for Getting User Profile

https://apis.naver.com/nidlogin/nid/getUserProfile.xml
To make a request, send a request header including the access token as follows: The token type should be
Bearer.
Authorization: {token type] {access token]
The following shows an example of a request header to get user profile information.
User-Agent: curl/7.12.1 (i686-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a
zlib/1.2.1.2 libidn/0.5.6
Host: apis.naver.com
Pragma: no-cache
Accept: */*
Authorization: Bearer
AAAAOLtP40eH6P5S4Z4FpFl77n3FD5I+W3ost3oDZq/nbcS+7MAYXwXbT3Y7Ib3dnvcqHkcK0e5/rw6ajF7S/QlJA
gUukpp1OGkG0vzi16hcRNYX6RcQ6kPxB0oAvqfUPJiJw==
When you succeed in getting the user profile, you will get a result in XML as follows:
<?xml version="1.0" encoding="UTF-8"?>
52
<data>
<result>
<resultcode>00</resultcode>
<message>success</message>
</result>
<response>
<enc_id>AkKauiSQz</enc_id>
<nickname>naverIDLogin</nickname>
<id>NAVERID</id>
<gender>M</gender>
<age>40-49</age>
<birthday>01-01</birthday>
<profile_image>http://naver.com/image.url.jpg</profile_image>
</response>
</data>
In addition, you can use various APIs that NAVER provides to get results, using the issued access token.

The access token issued is a substitute for user authorization and it is used as an authorization value to use
open APIs. The OAuth access token is not a permanent access token and it is valid only for a limited period.
The validity period is set in expires_in, which is one of information received when issuing the access token.
Once the token expires, it is no longer valid. Therefore, you should get a new access token or refresh the
access token using the refresh token.
Request Format for Refreshing Access Tokens

https://nid.naver.com/oauth2.0/token?grant_type=refresh_token&client_id={client
ID}&client_secret={client secret}&refresh_token={refresh token}
grant_type: A value indicating the authorization process. Its value is fixed to refresh_token.
refresh_token: A refresh token issued as a result of authenticating users with NAVER
The code formatted using JSON is returned as a result on success.
{
"access_token":
"AAAAQjbRkysCNmMdQ7kmowPrjyRNIRYKG2iGHhbGawP0xfuYwjrE2WTI3p44SNepkFXME/NlxfamcJKPmUU4dSUh
z+R2CmUqnN0lGuOcbEw6iexg",
"token_type": "bearer",
"expires_in": "3600"
}
Delete Access Tokens

If issued access tokens are no longer used or the user wants to disconnect from your application, you need
to delete access tokens.
Request Format for Deleting Access Tokens

https://nid.naver.com/oauth2.0/token?grant_type=delete&client_id={client
ID}&client_secret={client secret}&access_token={access token}&service_provider=NAVER
grant_type: A value indicating the authorization type. Its value is fixed to delete.
access_token: An issued access token. The URL should be in its encoded form.
service_provider: The name of an authorization provider. Its value is fixed to NAVER.
The code formatted using JSON is returned as a result on success.
{
"access_token":"c8ceMEjfnorlQwEisqemfpM1Wzw7aGp7JnipglQipkOn5Zp3tyP7dHQoP0zNKHUq2gY",
"result":"success"
53
NAVER Login with the JavaScript Library

NAVER Login lets you easily add it to your application by offering its JavaScript library. With this library, you
can implement NAVER Login to your application simply by inserting JavaScript code into your HTML page.
For downloading the NAVER Login library for JavaScript, see "NAVER Login Library for JavaScript."
Requirements
The jQuery framework is required for you to use the NAVER Login library. Please prepare the environment
as follows:
jQuery 1.10.0 or later
You will need to apply both jQuery and the NAVER Login library to every web page using NAVER Login,
including pages that handle callbacks as well as pages that contain the NAVER Login button. You can use
the NAVER Login library by adding the URL or loading the JavaScript file into your HTML page.
The code example below shows how to apply the NAVER Login library to a HTML page using a URL.
Code Example of Applying the NAVER Login Library

<head>
<script type="text/javascript" src="https://static.nid.naver.com/js/naverLogin_implicit-
1.0.1.js"></script>
</head>
<body>
<div id="naver_id_login"></div>
<script type="text/javascript">
var naver_id_login = new naver_id_login("registered_clientID", "registered_callbackURL");
naver_id_login.setButton("white", 2,40);
naver_id_login.setDomain(".service.com");
naver_id_login.setState("abcdefghijkmnopqrst");
naver_id_login.setPopup();
naver_id_login.init_naver_id_login();
</script>
Basic Configurations
The JavaScript library lets you integrate your application with NAVER Login by simply calling a login function.
If you add the NAVER Login button and register an event on the button, clicking/tapping the button will
automatically redirect the user to the NAVER login page.
You can find the links to download the button images in "NAVER Login Button Brand Guidelines" of this
document or directly download them using the links below.
AI file format
PNG file format
Please follow the brand guidelines described in this document.
The section below describes how to add the NAVER Login button to a HTML page and call a login function.
In the code examples, {registered_clientID} refers to a client ID issued and {registered_callbackURL} refers
to a URL entered in Callback URL when you registered your application.
The code generating a state token is added to prevent CSRF attacks.
Add the Client ID and Callback URL

Add the code that configures basic settings to use the JavaScript library. You are required to register your
application for this operation.
54
Note
The site where you can conduct an application registration is currently offered only in Korean. Therefore you should
send us your NAVER ID by email to dl_signwithnaver@navercorp.com. Then, you will get informed of the overall
registration procedure in English.
You can create a NAVER ID in the NAVER signup page if you don't have one.
Create the NAVER Login Button

The JavaScript library enables you to automatically create the NAVER Login button. There are 6 types of
buttons (2 colors and 3 sizes combinations) and it can be configured as follows:
<div id="naver_id_login"></div> 
naver_id_login.setButton("white", 1,40); //Configuring the NAVER Login button
</script>
The following list describes the options available.
Color: white, green
Size: 1 (button type), 2 (small type), 3 (large type)
Height: customizable
Configure the Popup Window

Add the code below to display the authorization popup of NAVER Login.
naver_id_login.setPopup(); //Configuring the authorization popup
</script>
Configure Subdomains to Compare State Tokens

Problems may arise when comparing state tokens if the subdomain of a callback URL is not the same as
that of a URL where the NAVER Login button exists.
Let's say, for example, that the NAVER Login button exists in the sub1.service.com/login.html page and the
callback for NAVER Login exists in the sub2.service.com/callback.html page. As state tokens are stored and
passed as a cookie, you need to add the code below to make the cookie available to both subdomains.
naver_id_login.setDomain(".service.com"); //Configuring subdomains to compare state
tokens
</script>
Request Authentication
The JavaScript library lets you integrate your application with NAVER Login by simply calling a login function.
Clicking/tapping the created button will automatically redirect the user to the NAVER login page. When the
authentication process through the login page is completed, the authentication information is transferred to
the callback URL configured in the "Basic Configurations" section. The JavaScript library allows you to
handle the next step automatically, by getting the authentication information transferred via the callback URL.
The code example below shows how to add configurations to handle callbacks.
<head>
1.0.1.js"></script>
</head>
<body>
<div id="naver_id_login"></div>
55
naver_id_login.setButton("white", 2,40);
naver_id_login.setState("abcdefghijkmnopqrst");
naver_id_login.setPopup();
</script>
Authentication and Authorization with NAVER

If all steps stated above are applied, it is ready to start the user authorization triggered when clicking/tapping
the login button and finally get an access token to be obtained as a result of user authorization.
The user authorization process is executed in a user browser and includes the NAVER's login authorization
process.
The login authorization is executed by either opening a new page or displaying a popup, such as described
in "Authentication and Authorization with NAVER" under the "NAVER Login with PHP and Java" section.
Get Access Tokens

At the end of the login authorization process, the authorization information is transferred to the callback URL.
This will trigger a call to execute code in the callback page so that the NAVER Login library for JavaScript
can automatically generate the access token.
To get the access token, you can use the naver_id_login.getAccessToken() function. Please keep the token
in separate storage so that you can use it later when making open API calls.
Caution
A malfunction can occur when comparing state tokens, which is automatically handled, if the domain of a callback
URL is not the same as that of a URL where the NAVER Login button exists. You should be cautious about such a
thing.
If the domain where the NAVER Login button exists is "www.service.com" and the domain configured as a callback
URL is "callback.service.com," you can resolve the problem by adding the code below in the "Basic Configurations"
and "Request Authentication" sections.
Make Open API Calls

With the issued access token, you can use various APIs that NAVER provides to get results.
The code example below shows how to make an API call for getting user information such as email address,
nickname, and age.
Code Example of Making Open API Calls

1.0.1.js"></script>
<script type="text/javascript" src="./jquery-1.11.3.min.js"></script>
naver_id_login.get_naver_userprofile();
email = naver_id_login.getProfileData('email');
name = naver_id_login.getProfileData('name');
age = naver_id_login.getProfileData('age');
</script>
56
API Reference
API Reference
This chapter provides information on the NAVER Login APIs.
Authorize Users with NAVER

Description
Authorizes a user with NAVER. If it succeeds, the authorization code is transferred to the callback URL.
Resource URL
https://nid.naver.com/oauth2.0/authorize
Protocol
HTTPS
HTTP Methods
GET
POST
Parameters

response_type String Y A value indicating the authorization process.
Its value is fixed to "code."
client_id String Y A client ID issued after an application was registered
redirect_uri String Y Callback URL.
A URL entered when an application was registered; URL
encoding should be applied.
scope String N Valid range.
Currently, it works only with the pre-defined value in the
database.
state String Y A state token generated by an application to prevent a cross-
site request forgery (CSRF) attack; URL encoding should be
applied.
Request Example
https://nid.naver.com/oauth2.0/authorize?response_type=code&client_id=jyvqXeaVOVmV&redire
ct_uri=http%3A%2F%2Fservice.redirect.url%2Fredirect&state=hLiDdL2uhPtsftcU
Response
The result differs depending on whether users are logged in to NAVER or not.
If users are logged in, they are asked to confirm that they agree to provide personal information.
If users are not logged in, they are redirected to the NAVER login screen.
After this process is completed, the authorization information will be sent to a callback URL specified in the
"redirect_uri" parameter; the information to be sent is as follows:
Property Type Required Description

code String Y An authorization code returned when the API call
succeeds. This code is used to issue an access token.
57

state String Y The client-side authorization value used to prevent a
CSRF attack; URL encoding should be applied.
error String Error codes returned when the API call fails
error_description String Error descriptions returned when the API call fails
Response Example
API call success
http://service.redirect.uri/redirect?code=#&state=#
API call failure
http://service.redirect.uri/redirect?error=#&state=#&error_description=#
Get Access Tokens

Description
Gets an access token required to get user profile or use open APIs. If it succeeds, an access token and a
refresh token are returned.
Resource URL
https://nid.naver.com/oauth2.0/token
Protocol
HTTPS
HTTP Methods
GET
POST
Parameters

grant_type String Y A value indicating the authorization process.
Its value is fixed to "authorization_code."
client_secret String Y A client secret issued after an application was registered
code String Y An authorization code returned when the API call succeeds. This
code is used to issue an access token.
state String Y A state token generated by an application to prevent a CSRF
attack; URL encoding should be applied.
Request Example
https://nid.naver.com/oauth2.0/token?grant_type=authorization_code&client_id=jyvqXeaVOVmV
&client_secret=527300A0_COq1_XV33cf&code=EIc5bFrl4RibFls1&state=9kgsGTfH4j7IyAkg
Response
If it succeeds, the data is returned in JSON format.

access_token String Y An access token.
58
API Reference

It expires when the value (in seconds) specified in the "expires_in"
parameter exceeds after it is issued.
refresh_token String Y Refresh token. Used to issue an access token when it expires.
token_type String Y Access token type.
Two types such as Bearer and MAC are supported.
expires_in Integer Y Valid period (in seconds) of an access token
Response Example
{
"access_token":"AAAAQosjWDJieBiQZc3to9YQp6HDLvrmyKC+6+iZ3gq7qrkqf50ljZC+Lgoqrg",
"refresh_token":"c8ceMEJisO4Se7uGisHoX0f5JEii7JnipglQipkOn5Zp3tyP7dHQoP0zNKHUq2gY",
"token_type":"bearer",
"expires_in":"3600"
}

Description
Refreshes an access token when it expires. If it succeeds, a new access token is returned.
Resource URL
Protocol
HTTPS
HTTP Methods
GET
POST
Parameters

Its value is fixed to "refresh_token."
refresh_token String Y A refresh token issued as a result of authenticating users with
NAVER
Request Example
https://nid.naver.com/oauth2.0/token?grant_type=refresh_token&client_id=jyvqXeaVOVmV&
client_secret=527300A0_COq1_XV33cf&refresh_token=c8ceMEJisO4Se7uGCEYKK1p52L93bHXLn
Response
If it succeeds, the data is returned in JSON format.

access_token String Y An access token
59

token_type String Y Access token type.
Two types such as Bearer and MAC are supported.
expires_in Integer Y Valid period (in seconds) of an access token
Response Example
{
"access_token":"AAAAQjbRkysCNmMdQ7kmowPrjyRNIRYKG2iGHhbGawP0xfuYwjrE2WTI3p44SNepkFXME/Nlx
famcJKPmUU4dSUhz+R2CmUqnN0lGuOcbEw6iexg",
"token_type":"bearer",
"expires_in":"3600"
}
Disconnect
Description
Deletes an access token and disconnects an application from the NAVER ID.
Resource URL
Protocol
HTTPS
HTTP Methods
GET
POST
Parameters

Its value is fixed to "delete."
access_token String Y An access token issued; URL encoding should be applied.
service_provider String Y The name of an authorization provider.
Its value is fixed to "NAVER."
Request Example
https://nid.naver.com/oauth2.0/token?grant_type=delete&client_id=jyvqXeaVOVmV&client_
secret=527300A0_COq1_XV33cf&access_token=c8ceMEJisO4Se7uGCEYKK1p52L93bHXLnaoETis9Yzjfn
orlQwEisqemfpKHUq2gY&service_provider=NAVER
Response
If it succeeds, an access token is deleted and the user is logged out of an application. The user's NAVER ID
is disconnected from the application.
60
API Reference
If it fails, error codes and messages are returned in JSON format.

access_token String Y Deleted access token
result String Y Returned result.
If it succeeds, "success" is returned.
Response Example
{
"access_token":"c8ceMEjfnorlQwEisqemfpM1Wzw7aGp7JnipglQipkOn5Zp3tyP7dHQoP0zNKHUq2gY",
"result":"success"
}
Get NAVER User Profile

Description
Gets users' personal information such as an email address, nickname, profile image, birthday, age and more.
Resource URL
https://apis.naver.com/nidlogin/nid/getUserProfile.xml
Protocol
HTTPS
HTTP Methods
GET
POST
Request Header
You should add the information below in a request header when making API requests.
Field Description
Authorization Access token header.
The header should include an access token as follows: "Authorization: {token type}
{access token}"
The value of a token type is fixed to "Bearer."
Request Header Example

Authorization: Bearer AAAAOLtP40eH6P5S4Z4FpFl77n3FD5I+W3ost3oDZq/nbcS+7MAYXw
XbT3Y7Ib3dnvcqHkcK0e5/rw6ajF7S/QlJAgUukpp1OGkG0vzi16hcRNYX6RcQ6kPxB0oAvqfUPJiJw==
Request Example
User-Agent: curl/7.12.1 (i686-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a
zlib/1.2.1.2 libidn/0.5.6
Host: apis.naver.com
Pragma: no-cache
Accept: */*
Authorization: Bearer AAAAOLtP40eH6P5S4Z4FpFl77n3FD5I+W3ost3oDZq/nbcS+7MAYXwXbT3Y7Ib3d
nvcqHkcK0e5/rw6ajF7S/QlJAgUukpp1OGkG0vzi16hcRNYX6RcQ6kPxB0oAvqfUPJiJw==
61
Response
If it succeeds, the data is returned in XML format.
Element Type Required Description

result/resultcode String Y A result code returned
result/message String Y A message returned
response/id String Y User identification information; this value is
unique to every NAVER ID.
response/nickname String Y User nickname
response/name String Y User name
response/email String Y User email address
response/gender String Y Gender
F: Female
M: Male
U: Unidentified
response/age String Y User age
response/birthday String Y User birthday ("MM-DD" format)
response/profile_image String Y The URL for a user profile image
Response Example
<?xml version="1.0" encoding="UTF-8"?>
<data>
<result>
<resultcode>00</resultcode>
<message>success</message>
</result>
<response>
<nickname>naverIDLogin</nickname>
<name>userName<name>
<id>123456</id>
<gender>M</gender>
<age>40-49</age>
<birthday>01-01</birthday>
<profile_image>http://naver.com/image.url.jpg</profile_image>
</response>
</data>
Status Codes
Code Message Description
024 Authentication failed Authentication failed
025 Exceed time limit HMAC time limit exceeded
026 Malformed msgpad Invalid HMAC msgpad
027 Malformed message digest Invalid HMAC md
028 Authentication header not exists No OAuth authorization header
029 oAuth Authentication failed Invalid authorization header format or wrong value
051 Api not exists The API does not exist
061 Malformed url Invalid URL format
062 Malformed parameter Invalid parameter format
62
API Reference
Code Message Description

063 Malformed encoding Invalid encoding format
071 Unsupported return format Unsupported return format
00 success Process succeeded
04 dg get fail Database error
05 no data No results
Error Codes
Code Description
invalid_request Invalid parameter or request
unauthorized_client Unauthorized code is used
unsupported_response_type Undefined return format is used
server_error Process failed due to the NAVER server error
63
NAVER Login Button Brand Guidelines

This chapter is provided to assist you to use the NAVER Login buttons in a consistent manner.
It is strongly recommended to maintain the brand guidelines described in this guide even though it is
possible to change some of the styles.
Downloads
Buttons (.ai)
Buttons (.png)
Login Button Style

The NAVER Login button consists of an icon and text and it provides three buttons such as official, short,
and icon.
The buttons are available in two colors (green background and white background) and green that represents
the NAVER brand identity effectively is preferred as a background.
65
Default Typography and Color

You should follow the typography and color guidelines for the NAVER Login button as follows:
Green Background
Element Guideline
Icon color: #FFFFFF
Text color: #FFFFFF
font: Nanum Barun Gothic Bold
Background color: #FFFFFF
White Background
Element Guideline
Icon color: #1EC800
Text color: #999999
font: Nanum Barun Gothic Bold
Background color: #FFFFFF
You should use the NAVER Login button in its provided color schemes as follows:
66
Custom Button Design

Size
You can adjust the button width as needed so that it can be optimized for different text length and screen
sizes. However, you must preserve the aspect ratio of an icon.
Text
You can change the button text as long as it conveys the meaning of "Log in with NAVER." You can use
Korean as well as English.
Look and Feel

You can create a custom NAVER Login button to match your app's look and feel as long as it does not
violate the NAVER brand identity standards.
67
Displaying with Other Third-Party Login Buttons

The NAVER Login button must be approximately the same size and have similar visual weight as other
third-party login buttons.
Incorrect Button Design

When customizing the NAVER Login button, you should be careful not to violate our guidelines since it may
weaken the NAVER brand identity.
The following shows some examples of incorrect NAVER Login button designs:
68
SDK Downloads
SDK Downloads
NAVER Login Library for Android
Version Date Type Description
4.1.4 2015-08-07 library Added features
4.1.4 sample Changes to showing a banner asking for installation of
the NAVER App instead of prompting a dialog
Changes to passing the package name of an
application instead of entering the callback intent
value when initializing SDK
4.1.3 source Sends information on whether to use cellular data or
4.1.3 sample Wi-Fi network to a server
Sends the SDK version information of NAVER Login to
the NAVER App
Determines whether to rotate the application screen
with the version information
Fixed bugs
Fixed a situation where OAuthLoginButton occurs an
error in the layout preview state
4.1.2 2014-12-23 library, sample Added features
4.1.2 source Changes to support both portrait mode and landscape
4.1.2 sample mode
Fixed bugs
None
NAVER Login Library for iOS

4.0.5 2015-08-13 SDK, sample Shows a banner asking for installation of the NAVER App
4.0.5 sample within the in-app browser during the authorization process if
it is not installed.
4.0.4 2015-07-30 SDK, sample Fixed a situation where YES is returned in
4.0.4 sample isValidAccessTokenExpireTimeNow even if the token
expires.
4.0.3 2015-06-17 SDK, sample Changes of User-Agent
Changes to deleting login cookies when initializing the
token
4.0.2 2015-02-27 library, sample The number of in-app browser issues
4.0.1 2014-12-15 SDK, sample Initial distribution
Sample Project for Windows

Sample
69
NAVER Login Library for JavaScript

1.0.1 minify Modifies the library to support implicit grant
Fixed bugs
None
1.0.0 minify Adds a new SDK for JavaScript
Fixed bugs
None
Changelog
OS Version Date Type Description
iOS 4.0.5 2015-08-13 library, sample Shows a banner asking for installation of the NAVER
App within the in-app browser during the
authorization process if it is not installed.
Android 4.1.4 2015-08-07 library, sample Added features
Changes to showing a banner asking for
installation of the NAVER App instead of
prompting a dialog
Changes to passing the package name of an
application instead of entering the callback intent
value when initializing SDK
JavaScript 1.0.1 2015-07-30 library Added features
Modifies the library to support implicit grant
iOS 4.0.4 2015-07-30 library, sample Fixed a situation where YES is returned in
isValidAccessTokenExpireTimeNow even if the token
expires.
Sends information on whether to use cellular
data or Wi-Fi network to a server
Sends the SDK version information of NAVER
Login to the NAVER App
Determines whether to rotate the application
screen with the version information
Fixed bugs
Fixed a situation where OAuthLoginButton
occurs an error in the layout preview state
iOS 4.0.2 2015-02-27 library, sample Fixed a situation where calling a callback
function is not working when the user cancels an
agreement within an in-app browser during the
authorization process.
Adjusts the button position in the in-app browser

bar at bottom for iPhone 6 and iPhone 6 Plus
70
SDK Downloads
OS Version Date Type Description

Changes to supporting both portrait mode and
landscape mode
Fixed bugs
None
iOS 4.0.1 2014-12-15 library, sample Initial distribution for NAVER Login
71

Naver Login

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Naver Login

Diunggah oleh

Hak Cipta:

Format Tersedia

NAVER Login Developer's

Copyright NAVER Corp. All rights Reserved.

Email: NAVER Login Global Support (dl_signwithnaver@navercorp.com)

User Interface (UI) Text

Steps for Adding NAVER Login ______________________________________________________________ 11

Application Registration _________________________________ 13

NAVER Login Tryout ____________________________________ 15

NAVER Login for Android ________________________________ 17

Library Files _______________________________________________________________________________ 17

Development Environment Setup __________________________________________________________ 17

Get Access Tokens ________________________________________________________________________ 20

Log Out ___________________________________________________________________________________ 20

Make Open API Calls______________________________________________________________________ 21

Other Configurations ______________________________________________________________________ 21

API Reference _________________________________________________________________________________ 21

NAVER Login for iOS ___________________________________ 33

Library Files _______________________________________________________________________________ 33

Development Environment Setup __________________________________________________________ 33

OAuth 2.0 Authorization Flow ________________________________________________________________ 34

Getting Authorization Codes _______________________________________________________________ 34

Getting Access Tokens ____________________________________________________________________ 35

Making Open API Calls ____________________________________________________________________ 35

Basic Configurations ______________________________________________________________________ 35

Get Authorization Codes and Access Tokens ______________________________________________ 37

Refresh Access Tokens____________________________________________________________________ 38

Log Out ___________________________________________________________________________________ 39

Make Open API Calls______________________________________________________________________ 39

API Reference _________________________________________________________________________________ 40

NAVER Login for the Web ________________________________ 49

NAVER Login with PHP and Java ____________________________________________________________ 49

Generate State Tokens to Prevent CSRF Attacks __________________________________________ 49

Make Authorization Requests with NAVER Login __________________________________________ 50

Authentication and Authorization with NAVER _____________________________________________ 50

Verify State Tokens ________________________________________________________________________ 51

Get Access Tokens ________________________________________________________________________ 52

Get NAVER User Profile ___________________________________________________________________ 52

Refresh Access Tokens____________________________________________________________________ 53

Delete Access Tokens _____________________________________________________________________ 53

NAVER Login with the JavaScript Library ___________________________________________________ 54

Basic Configurations ______________________________________________________________________ 54

Request Authentication ____________________________________________________________________ 55

Authentication and Authorization with NAVER _____________________________________________ 56

Get Access Tokens ________________________________________________________________________ 56

Make Open API Calls______________________________________________________________________ 56

API Reference ________________________________________ 57

Authorize Users with NAVER _________________________________________________________________ 57

Get Access Tokens ___________________________________________________________________________ 58

Refresh Access Tokens ______________________________________________________________________ 59

Get NAVER User Profile ______________________________________________________________________ 61

Error Codes ___________________________________________________________________________________ 63

NAVER Login Button Brand Guidelines _______________________ 65

Login Button Style ____________________________________________________________________________ 65

Default Typography and Color _______________________________________________________________ 66

Custom Button Design _______________________________________________________________________ 67

Look and Feel _____________________________________________________________________________ 67

Displaying with Other Third-Party Login Buttons____________________________________________ 68

Incorrect Button Design ______________________________________________________________________ 68

SDK Downloads _______________________________________ 69

NAVER Login Library for Android ____________________________________________________________ 69

NAVER Login Library for iOS_________________________________________________________________ 69

Sample Project for Windows _________________________________________________________________ 69

NAVER Login Library for JavaScript _________________________________________________________ 70

Rapid Development and Simple Operation