I want to add a 'Login with Instagram" button as a new feature to my application.
After reading the docs, I understood that the new API called - 'Instagram Basic Display Api' can't be used as an authentication solution.
"Data returned by the API cannot be used to authenticate your app users or log them into your app. If
you need an authentication solution we recommend using Facebook Login instead."
https://developers.facebook.com/docs/instagram-basic-display-api
If I understood the docs correctly they expect from the user to authenticate once with 'Facebook Login' as the primary authentication of the app and after that, the user needs to login in again to Instagram in order to get his basic profile.
Why can't Instagram be used as primary authentication? Anyone have a showcase to present that implement this flow?
Related
Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
While reading instagram basic display api documentation I get the sense that we cannot use this api for authentication. As they write under the limitation as:
Authentication — Instagram Basic Display is not an authentication
solution. Data returned by the API cannot be used to authenticate your
app users or log them into your app. If you need an authentication
solution we recommend using Facebook Login instead.
But looking at their API reference I get they provide oauth tokens and authentication flow /scopes.
Their getting started guide also list down steps to setup app. Anyone please explain what I am missing there ? I am looking for social login solution using instagram, thanks.
I am trying to connect Instagram to my app. The users will not be able to use the app without connecting to Instagram, therefore I technically need Instagram auth. But Facebook states the following:
Note that Basic Display is not an authentication tool. Data returned by the API cannot be used to authenticate your app users or log them into your app. If your app uses API data to authenticate users, it will be rejected during App Review. If you need an authentication solution, use Facebook Login instead.
So I had to implement a Facebook login. After Facebook login is complete, I am sending the user to Instagram auth window for a second authorization which feels weird for a user.
The other solution that I can think of is the following:
Use Instagram's user_id that is retrieved after Instagram auth and use it to create a custom auth method with Firebase. (I believe this would be rejected at app review)
What is the correct way to achieve this?
Sources:
Instagram auth: https://developers.facebook.com/docs/instagram-basic-display-api/reference/oauth-authorize
Firebase custom auth: https://firebase.google.com/docs/auth/web/custom-auth
NOTE: Facebook login has "instagram_basic" scope but that doesn't allow me to get instagram info or media of normal users (non-business accounts)
I'm developing a mobile API and I would like to allow mobile users to log in to my mobile application using their Facebook account.
I've been struggling to find some detailed information regarding this request. Could someone point me in the right direction? I'm using the following Laravel package for OAuth2:
https://github.com/lucadegasperi/oauth2-server-laravel
As I understand, the user clicks the "Login with Facebook" button and then proceeds to authentication. Facebook provides the access token as a result. But how does a user account appear on our server? And to my knowledge, it is our server that should provide an access token which is tied to the user account on our database. Could someone clear this up?
Have you looked at the Facebook mobile sdk guides?
iOS: https://developers.facebook.com/docs/ios
Andriod: https://developers.facebook.com/docs/android/
The package you mention looks like it performs oAuth authentication, and I don't think you need that. If I understand correctly, you should be able to use the Facebook sdk to perform the authentication and tell your app that the user is authenticated. You will have to create a user account for them (for example, add a record to the users table in your database) and store their Facebook ID.
I am using the Graph API for Facebook on my iPhone application. The problem is, I don't want the user to have to re enter their email address each time they want to login to integrate Facebook with my app. Is there a way to save and auto fill the login information using the Graph API?
Using the Graph API, there is no need for you to store the credentials, more than that, you should NOT store the credentials. As explained in the API dedicated help page the authentication process is handled by a secure token.
Meaning that if the user is already authenticated on Facebook using another application, it might be ( based on authentication process used ) already authenticated within your app.
You might check the token validity by using the isSessionValid method from the Facebook class.
Have a look to the iOS Facebook SSO link, it explains everything you need.