I'm trying to integrate with the new instagram api as my feed is no longer working, i have setup my app and give it the necessary things, when i make the request so in my case
https://api.instagram.com/oauth/authorize?client_id={instagram app id}&redirect_uri={redirect_uri}&scope=user_profile,user_media&response_type=code
it takes me to instagram asks me to sign in with the instagram i am then redirected back to the redirect uri and in the url it has the following ?code=XXXXX and then a big long string of what i assume is the access token but when i try using it it doesn't work i tried pasting it in the facebook access token debugger and it says "Invalid OAuth access token."
this is how i am trying to use it https://graph.instagram.com?fields=media_url&access_token=XXXXX
No, that "code" part is not the access token. But you need it to take access token. When you have "code=XXXXX#_" take the "XXXXX" part. Notice - you need to remove "#_" in the end.
Then you have to make POST request like they say in the docs. Dependent of what tech you use you can make it with internal functions. E.h. in Rails you can use Curl::Easy.http_post()
They use this bash line:
curl -X POST \ https://api.instagram.com/oauth/access_token \ -F client_id={app-id} \ -F client_secret={app-secret} \ -F grant_type=authorization_code \ -F redirect_uri={redirect-uri} \ -F code={code}
client_id = your instagram client id
client_secret = your secret.
(you can find both in facebook developer page under you Instagram Basic Display tab.
grant_type=authorization_code (leave it like it is here)
redirect_uri = this is the page where you will be navigated after you get the token
code = "XXXXX" part from the "code=XXXXX"
In server response you will receive the object with user_id and access_token fields. Notice that this token expires in 1 hour. But you can exchange it for 60 days long term token.
Use this pattern to get it:
https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret=#{YOUR_CLIENT_SECRET}&access_token=#{SHORT_TERM_TOKEN_YOU_JUST_RECEIVED]
It should return object with 2 fields: a long life token itself and the number of seconds until expiry.
Hope it helps.
Related
I've seen a couple questions on this asked on StackOverflow, but none have helped me. I can not get past the 'invalid_grant' error when trying to do an Authorize Code Grant on my 1 admin user in Docusign Sandbox environment.
I have 1 user, who is a DS Admin in the dashboard
I created a new App and obtained the Integrator Key/client_id and Secret Key
Using the guide, https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-code-grant
I have successfully called and granted permission to the user with
https://account-d.docusign.com/oauth/auth?
response_type=code&scope=signature%20impersonation&client_id=INTEGRATOR KEY&redirect_uri=https://www.docusign.com
and obtained the code returned
I have taken the Integrator Key and secret key, in form INTEGRATOR_KEY:SECRET_KEY and base64 encoded it.
I have tried using Postman and just straight up cURL call to obtain the access token. I have done this numerous times, with numerous new Apps created in Docusign Sandbox. They all return invalid_grant error.
cURL call
curl --header "Authorization: Basic BASE64ENCODING(INTEGRATOR_KEY:SECRET_KEY)" --data "grant_type=authorization_code&code=CODE_RETURNED_FROM_PERMISSION_GRANT" --request POST https://account-d.docusign.com/oauth/token
It's possible that DocuSign isn't able to correctly interpret your request because you're missing a Content-Type header.
Try adding Content-Type: application/x-www-form-urlencoded
The Authorization Code you receive back from DocuSign is only good for a couple of minutes. If you try to use it after that time then you'll receive the invalid grant error.
Also, if you are doing the Authorization Code Grant flow then you should not be requesting the impersonation scope. -- It is only for the JWT flow.
I setup a website a year ago with an Instagram feed displaying images from an account on the site. It has worked perfectly until last week where i started throwing: Error from Instagram: The access_token provided is invalid.
from nowhere.
I looked around and found that (rather logically) I need to re-generate the token. I tried doing so via instagram.pixelunion
while logged in on the admin account. It did not work.
So I tried this one:
https://www.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
And I figured how that site worked was to paste in the clientId into the url afterclient_id=xxxand refreshed the page, but doing that returns:
{"error_type": "OAuthForbiddenException", "code": 403, "error_message": "Implicit authentication is disabled"}
Here's my code for fetching the images (I have a instafeed.min.js also):
var feed = new Instafeed({
target: "insta-images",
get: 'user',
userId: "xxxxxx",
clientId: "xxxxxxxxxxxxxxxxxxxxxxxx",
accessToken: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
resolution: "standard_resolution",
limit: 8,
template: '<li id="insta"><img src="{{image}}"/></li>'
});
feed.run();
If you look at your application setting:
https://www.instagram.com/developer/clients/{clientId}/edit/
under "security"; You would have Disable implicit OAuth checked. which is described as:
Disable the Client-Side (Implicit) OAuth flow for web apps. If you check this option, Instagram will better protect your application by only allowing authorization requests that use the Server-Side (Explicit) OAuth flow. The Server-Side flow is considered more secure. See the Authentication documentation for details.
To solve the error you are facing: Implicit authentication is disabled you need to use server side auth. That is response_type=code rather response_type=token in your request.
Extra details on the difference in OAuth 2.0 for response_type:
response_type=code will give you the temporary code and you use token endpoint to receive token from the code (https://www.instagram.com/developer/authentication/):
curl -F 'client_id=CLIENT_ID' \
-F 'client_secret=CLIENT_SECRET' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=AUTHORIZATION_REDIRECT_URI' \
-F 'code=CODE' \
https://api.instagram.com/oauth/access_token
I am a little confused by Microsoft's scattered documentation.
I have created an application (https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal), which means I now have:
Application ID
Key
Directory ID
I have gone into the KeyVault in Azure Portal, and I have granted permissions to the application.
For test purposes, I am trying to run a test via CURL. The basis I am using for this is the following Microsoft pages (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token and https://learn.microsoft.com/en-us/rest/api/#create-the-request)
So, the first thing I do is get a token through the following call:
curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>" https://login.microsoftonline.com/<removed_for_security>/oauth2/token
This returns a token.
I then (try to) use that token as follows:
curl -H "Authorization: Bearer <removed_for_security>” -vv https://<removed_for_security>.vault.azure.net/secrets/<removed_for_security>/<removed_for_security>
I get no content back, just "HTTP/1.1 401 Unauthorized"
You need to specify the resource you are requesting the token for.
curl -d "grant_type=client_credentials&client_id=<removed_for_security>&client_secret=<removed_for_security>&resource=https://vault.azure.net" https://login.microsoftonline.com/<removed_for_security>/oauth2/token
and also add the api version.
Ok, so I can confirm that the request you are doing is valid, for the most part, you forgot the API-version, but problem is not with the API version (it would tell you that).
https://xxx.vault.azure.net/secrets/xxx/?api-version=2015-06-01
this url works, so I guess the token is not right. The easiest way to check would be to go to JWT.io and paste the token there and see the contents, if they match with what the Key Vault expects. Probably you have a mismatch.
I am integrating with Instagram in my angular application.
To integrate with instagram, I am following below 3 steps according to instagram developers api https://www.instagram.com/developer/authentication/
Step One: Direct your user to our authorization URL
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code
Step Two: Receive the redirect from Instagram
http://your-redirect-uri?code=CODE
Step Three: Request the access_token
Then i am exchanging the code received in the previous step for an access token.
curl -F 'client_id=CLIENT_ID' \
-F 'client_secret=CLIENT_SECRET' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=AUTHORIZATION_REDIRECT_URI' \
-F 'code=CODE' \
https://api.instagram.com/oauth/access_token
The above steps work fine if the user is not logged in some other window.
But if the user is already logged in with instagram in some other window,
then the step 3 works sometimes or sometimes it gives me following error
{"error_type"=>"OAuthException", "error_message"=>"Matching code was not found or was already used.", "code"=>400}
Is there something am i missing??
before allowing user to login, do a instagram logout by opening the instagram logout url in a hidden iframe, something like this:
$(document).append('<div style="display:none"><iframe src="https://instagram.com/accounts/logout/" width="0" height="0"></iframe></div>');
this will logout of instagram
I know how to get code by:
https://www.instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&response_type=code
However, I cannot find a way to get access token by server only.
It is blocked for all new comers and all applications lately in June 2016?
http://techcrunch.com/2015/11/17/just-instagram/
You redirect user to URL you posted above.
User logs in (if not logged in) and grants your app permissions to access data
User is redirected back to URL provided in redirect_uri (see step 1). Also, code is appended to the URL.
You are at http://your-redirect-uri?code=CODE (which you control). Then you are able to exchange code for access token by querying Instagram's servers. Here is cURL command:
curl -F 'client_id=CLIENT_ID' \
-F 'client_secret=CLIENT_SECRET' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=AUTHORIZATION_REDIRECT_URI' \
-F 'code=CODE' \
https://api.instagram.com/oauth/access_token
After you receive token for the first time, store it (if you need to access data later).
More info in official docs.: https://www.instagram.com/developer/authentication/