I have an app, that pulls data from my Instagram account.
I authorized this app once, and got access token. But I'm worried,
what if this token expires? Should I authorized the app each time the
token expires?
Can I receive another access token from the auth code?
If no, what can I do to have my app always pulling data from account
without my participation?
Thanks.
But I'm worried, what if this token expires?
AFAIK, Instagram accesstokens don't expire currently.
Note: From Instagram documents.
Note that we do not include an expiry time. Our access_tokens have no explicit expiry, though your app should handle the case that either the user revokes access or we expire the token after some period of time. In this case, your response’s meta will contain an “error_type=OAuthAccessTokenError”. In other words: do do not assume your access_token is valid forever.
Should I authorize the app each time the token expires?
At the moment, you do not need to do that, as token does not expire. As and when the token expires in future, a corresponding warning or error code and message will be sent to you, which you need to handle.
what can I do to have my app always pulling data from account without
my participation?
You can try following:
Use sharedpreference to store the accesstoken.
First time when you try to fetch data that needs accesstoken(Authenticated requests), first check in the sharedpreference whether the accesstoken is stored or not.
if yes then you don't need to login, just use that accesstoken. If you don't have the accesstoken in preference then do the login using instagram credentials, get the accesstoken and then share it in shared preference and use that for subsequent requests.
You can provide instagram logout option in which you just need to clear the accesstoken from sharedprefernce.
Hope this is helpful to you.
Update - This no longer works as mentioned in the comments
While not well documented, It's worth pointing out that retrieving a feed of posts does not require an accessToken.
https://api.instagram.com/v1/users/{user-id}/media/recent/?access_token=ACCESS-TOKEN
can also be called passing just your client_id
https://api.instagram.com/v1/users/{user-id}/media/recent/?client_id=CLIENT_ID
This isn't made clear in their documentation though.
https://instagram.com/developer/endpoints/users/
The Instagram access token expires at arbitrary times.
Twice in the in the last 7 months from my experience.
I did not find any way to regenerate the token without my participation, the only valid solution IMHO is to avoid the official API and use something like:
https://stackoverflow.com/a/33783840/
For the last 3 week, I have created new token multiple time and its expire after 2 days, but I also notice that some token didn't expired which were created before 3 years. Also, Instagram docs say the token can expire any time in the near future.
There is a hack at this moment to show the user's last post just append URL with `/?__a=1''
after user name such as
https://www.instagram.com/vaseem.ishak/?__a=1
you will get user last post with image text, no of comment like etc.just dig little the return JSON
Related
I'm using Cloud Firestore for Firebase to store informations about a Rest API Service written in NodeJs.
So, every request to Node will ask to Firebase informations about the service and, for first, it will authorize the request.
I thought that use an user generated JWT will be the best solution because the client have to simply include the JWT in his requests to authorize itself.
A Firebase JWT is related to the uid of the user that generates it.
Obviously, there'll be a control panel where the user can log in with email/pw and generate the JWT, and then the JWT will be included in his client system, for example like simple APIs that requires an API Key to identify the user and to work.
So, the idea appears to work good but i noticed that the Firebase JWTs expire in only 1 hour!
The user have to log-in to the control panel every hour to re-generate the JWT. That's not so friendly.
How can avoid this problem? How can i make the JWT expires in more than only 1 hour?
According to documentation:
The maximum lifetime of a token is 24 hours + skew.
[...]
with a skew of up to 10 minutes.
That means you cannot use these tokens forever, which kind of makes sense.
I looked at custom tokens and found:
The time, in seconds since the UNIX epoch, at which the token expires. It can be a maximum of 3600 seconds later than the iat.
Note: this only controls the time when the custom token itself expires. But once you sign a user in using signInWithCustomToken(), they will remain signed in into the device until their session is invalidated or the user signs out.
Perhaps you can do something with the signInWithCustomToken() as once logged in it expires only when the user is invalidated or signs out, but I believe the best course of action would be to look for another approach.
I added instagram feed to my website with following way. This works fine but my access token is expiring again and again which results in blank page. Token expiration leads me to generate token manually and so many times.
Can anyone help me out to rectify this problem?
$result = file_get_contents('https://api.instagram.com/v1/users/self/media/recent/?access_token=[my access token]&count=20');
$result = json_decode($result);
According to the documentation, this is expected:
Even though our access tokens do not specify an expiration time, your app should handle the case that either the user revokes access, or Instagram expires the token after some period of time. If the token is no longer valid, API responses will contain an “error_type=OAuthAccessTokenException”. In this case you will need to re-authenticate the user to obtain a new valid token. In other words: do not assume your access_token is valid forever.
https://www.instagram.com/developer/authentication/
Is your app in sandbox mode? Maybe in sandbox mode the token lasts less than normal. But still, you shouldn't assume a minimum duration like the above explains.
I made An app (which is Live now and) it Uses Instagram API.
It uses one access token per hour. (which is far away from limit 5000/hour)
But What I see that say if 25 users gave access to me than each day 2 to 4 user's access token become invalid (seems randomly).
But Instagram says that:
Even though our access tokens do not specify an expiration time, your
app should handle the case that either the user revokes access, or
Instagram expires the token after some period of time. If the token is
no longer valid, API responses will contain an
“error_type=OAuthAccessTokenException”. In this case you will need to
re-authenticate the user to obtain a new valid token. In other words:
do not assume your access_token is valid forever.
I confirmed that none of these "Revoked Access".
Is there any reason that why its happening.
Or any platform where I can contact Instagram and ask the reason.
So that I can avoid it. (if I 'm doing something wrong)
Unfortunately, the tokens have a tendency to (seemingly) randomly expire. I think the reason is that Instagram doesn't want a single token to grant full access to a user's content without expiration.
Instagram expires the token after some period of time
I would recommend having the user re-auth through Instagram to get a fresh token, as they suggest, and making sure that you are able to handle that OAuth exception when it happens.
In this case you will need to re-authenticate the user to obtain a new valid token.
do not assume your access_token is valid forever.
Also, since the permissions update on 2016-06-01, Instagram has been somewhat hostile and generally unhelpful toward 3rd party apps, so it's not really worth contacting them.
Say I generated an authentication token on rackspace, and use it for a session login.
Now, for security reason I want to invalidate/revoke that token before the expiry date manually, so that on each new session of the application I have a new token to be safe.
Note: There is only one session at any given time.
I read the rackspace API docs. And it says that: the token's default lifespan is 24 hours. But that is too long. Can I set the expiration time manually?
The doc page at: http://docs.rackspace.com/cdns/api/v1.0/cdns-devguide/content/Authentication-d1e647.html
says that: A token may be manually revoked before the time identified by the expires attribute. So I started searching more but no luck.
There was this question on setting the expiration time manually for the token
https://community.rackspace.com/developers/f/7/t/669
and it say that there is no way to set it manually now.
I think revoking the token is possible currently, but I can't find any way for it, I just wanted to make sure I didn't miss something in the docs.
You should be able to revoke a token by sending a DELETE call to the identity endpoint: https://identity.api.rackspacecloud.com/v2.0/tokens/{tokenId}. It's documented in the identity service guide:
http://docs.rackspace.com/auth/api/v2.0/auth-client-devguide/content/DELETE_revokeToken_v2.0_tokens__tokenId__Token_Calls.html
I'm currently using my own Instagram account (not that of my users) to get an access_token, and thus I don't need to create an explicit server-side authentication flow for myself to get the code. I can then use the code programmatically to get an access_token without any human interaction.
My question is, for the purposes of an app that only requires the owner's code to get an access_token, does Instagram let you reuse the same code so that you don't have to keep manually entering a new one?
Thanks :)
If you are only using a single account, there is currently no need to request new access tokens repeatedly. You should be authenticating one time, and storing that access token to use with calls to the API endpoints.
Instagram access tokens currently have no set expiration, however may expire at any time in the future. So you may reuse the token indefinitely (for now), but build the system to be prepared to request a new token in the event that the stored token expires.
Per http://instagram.com/developer/authentication/:
Note that we do not include an expiry time. Our access_tokens have no
explicit expiry, though your app should handle the case that either
the user revokes access or we expire the token after some period of
time. In this case, your response’s meta will contain an
“error_type=OAuthAccessTokenError”. In other words: do do not assume
your access_token is valid forever.