First of all... I want to integrated authentication in my App for anyone Instagram users by oAuth.
After readed guide https://developers.facebook.com/docs/instagram-basic-display-api/getting-started, I added myself into Instagram Test User and then no have any problems to get token, user_id and carry out some actions into my App. But if I can do it by anyone Instagram users without my Instagram Test User, I get OAuthException with 400 status and error_message: "Invalid scope: []" on oauth/access_token method
For example, step-by-step:
Getting Instagram Authorization Form, write username, password https://api.instagram.com/oauth/authorize?app_id={app-id}&redirect_uri={redirect-uri}&scope=user_profile&response_type=code&state={state}
Then I would like to Exchange the Code For a Token. Send POST request https://api.instagram.com/oauth/access_token by data app_id={app-id}&app_secret={app_secret}&grant_type=authorization_code&redirect_uri={redirect_uri}&code={code} Parameter "code" getting from step 1.
And now I have token and user_id by JSON response after finished step 2.
So, If I carry out by my Instagram Test User I don't have any Exceptions, but If I can do it by another Instagram user, write other username, password on step 1, I'll get OAuthException
PS. I thought the API Instagram Basic Display product on my Facebook Application was probably not moderated by any competence developer. I sended statement, and received refusal: "Instagram profile permissions should not be used to authenticate new users in your app". So, What I am doing wrong?
UPD. On step 1, If i could make to log in distinctive username, password by another Instagram user, I don't receive the "code" - necessary parameter on step 2.
If your app is still in Development Mode, then you have to add Instagram users in My Apps > Roles > Instagram Testers. And those Instagram Users have to Accept the Tester Invite.
Related
I am creating a flutter android app which uses google sign in. Once logged in, I recieve accesstoken and idtoken. I want to use this token to authenticate my backend which uses django social auth and
Login and return the authoken, if the user has already signed up, or
Register the user , login and return the user id and authtoken.
Is this possible ? If so please suggest any documents online or please explain how should I approach this.
Over the years of doing this again and again, I found the solution below works well for me. It creates clear understanding of who is doing what.
Basically, you need:
Django Rest framework-backed token authentication for normal API requests. Mostly your app works on this. Link: https://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
Google or Facebook or any other login to issue an auth token in 1. Thus effectively FB/ Google shortcuts the process of typing in username and password.
This is achieved via the flow below:
New user comes in and signs in via FB/ Google
You get Fb/Google token and send it to your backend
You verify the validity of the token. Re-obtain user name and email from G/FB from the backend. Use these details to create a user account in your backend. DO NOT USE email provided from front-end for account creation (assuming email is your primary unique user identifier)
NOTE: Don't forget to check if account already exists. If it does, this is a returning user/ login and not a new user. In this case, validate and return valid Django Rest Token
Once 3 is complete, issue a Django REST framework Token in response to the request made in 3.
After 4, you have a token in your app. Use this token for normal requests.
Happy coding! Happy to answer follow-up questions.
it is possible,first you have to create your api using django Rest Framework,the link below can help you to create your backend and set a token for every user:
https://dev.to/amartyadev/flutter-app-authentication-with-django-backend-1-21cp
then you have to add social authentication to your backend,you can write it yourself or using link below to use library :
https://github.com/RealmTeam/django-rest-framework-social-oauth2
after this approach you have to create your flutter app,the below link is a useful resource to connect your backend and your flutter app :
https://www.asapdevelopers.com/flutter-login-app-with-python-backend/
I am working on Instagram API integration to our service. As of 3.6.2019, I have tried to get media for a particular Instagram user account. I have tried to understand the documentation, and this is what I have working so far:
I have an Instagram business account
I did attach my Instagram account to my business page by logging in
I have obtained a page and a user access token via Graph API Explorer. User token has the following permissions:
email
instagram_basic
manage_pages
pages_show_list
pages_messaging
public_profile
I am able to get information about the associated Instagram account like profile_pic and username.
What perplexes me about this is that when I read the documentation, user info retrieval seems to work alright:
However, if I changed the URL to match the media retrieval URL and keeping the same user ID, I get the following error
even through the documentation says:
To get all media objects on an Instagram Business User, send a GET request to the User's /media edge.
And the sample request URL provided:
GET graph.facebook.com/17841405822304914/media
Source: https://developers.facebook.com/docs/instagram-api/reference/user/media/
What am I doing wrong? The URL seems to follow the documentation description. I did use the user access token for the media request. The access token contains permission for instagram_basic, as needed based on the documentation:
Permissions
An access token from the Instagram Business User, with the following
permissions:
instagram_basic
I am using API version 3.2.
Do you really use the right instagram id? Try calling this API with the ID you used:
https://graph.facebook.com/v5.0/[ENTER_ID]?fields=instagram_business_account{id, username,profile_picture_url}&access_token={}
I you get a result like this:
{
"instagram_business_account": {
"id": "XXXXXXX",
"username": "XXXX",
"profile_picture_url": "https://scontent.xx.fbcdn.net/v/t51.2885-15/44644278_733652060347074_11957"
},
"id": "XXXXXXX"
}
You know, that you used the wrong ID :D
Go ahead and call the /media endpoint with the ID nested under instagram_business_account
My task is to get photo data of my business Instagram account with Instagram Graph API. I followed the instruction from Instagram Graph API -
https://developers.facebook.com/docs/instagram-api/reference/user/media
, which said request like
GET http://graph.facebook.com/17841405822304914/media
can get photo data from the Instagram account linked to the FB account in JSON format.
I tried to send GET request /my_facebook_id/media as said by the document with Graph API Explorer on FB developer platform but it failed to return the data I want.
This is the error I got:
message: Tried accessing nonexisting field (media) on node type (User)
type: OAuthException code: 100
Does the message mean the media field doesn't exist in the FB user?
What is the meanIng of error code 100? I can't even see that in FB official document.
I tried to use the Instagram business account ID for this request but I got an error message said the user object doesn't exist
How to get the task done? Thanks!
I guess you have missed creating a Facebook business page and linking your Instagram Business account to it.
Here is the guide to setup : https://developers.facebook.com/docs/instagram-api/getting-started
If this was done correctly and still you're facing the error is because of a Facebook bug where your account doesn't get linked correctly.
Here : https://developers.facebook.com/support/bugs/177912116363088/?disable_redirect=0
Solution : Please disconnect your Instagram account from your page. Then, on Instagram app, in setting you will have to switch back to personal account and reconvert to a business account
Note : Switching to a personal account you will lose the insights of your media.
Once this is done you should be able to get instagram_business_account and post which you can run your query to fetch the media :
GET http://graph.facebook.com/you-instagram-business-account-id/media
I've followed the both packages documentations and using example from rest-auth doc. I've followed all the steps and I can successfully use this API to register/login user with facebook. API returns me token and user object but this token is not working with JWT authentication. But if I set this user's username in the db and then post the facebook login request again then returned token works fine. What does this social authentication process has to do with username? Is there something I need to do to properly configure it?
I am using custom user model and have both username and email for authenticating users. Please let me know if any further info is needed for figuring out the problem.
after 1.7.0 in rest_framework_jwt,it use username to query user in authenticate_credentials().But when you use facebook accessToken to login firstly by rest_auth, the user doesn't have a username.
So you will recieve a 'Invalid payload.' message.
I have this problem too.And I do this work now.
Sorry for my bad English skill.
I'm planning out adding Facebook integration to a web app I'm working on. For the most part, it's proceeding smoothly, but I am confused on the proper way to handle the OAuth token.
The sequence of events presented by Facebook here is:
Ask the user to authorize your application, which sends them to a Facebook window.
This will return an Authorization Code generated by Facebook
You then hit https://graph.facebook.com/oauth/access_token with your Authorization Code, which will give you a time-limited OAuth token.
Using the OAuth token, you can make requests to access the user's Facebook profile.
Facebook's documentation has the following to say about token expiration:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token, although if the user has already authorized your app, they will not be prompted to do so again. If your app needs an access token with an infinite expiry time (perhaps to take actions on the user's behalf after they are not using your app), you can request the offline_access permission.
When they say to re-run the steps above, what steps need to be re-run to get a new OAuth token? What data (Facebook UID, Authorization Code, OAuth token) does it make sense to save to my local database?
I would like to be able to have the user continue to interact with my site, and in response to certain user actions, I would like to be able to prompt to user if they want to post something to their Facebook wall.
The access token is time and session based and is unnecessary data to store and have no use after the user have closed the session.
The facebook uid is the only thing you need to identify the user.
Since the Facebook API sometimes is horrible slow you could store the username aswell.
But for identification, all you need is the uid.
The documentation that facebook provides has been updated since you asked this question. https://developers.facebook.com/docs/authentication/.