Within our application we would like to provide automation features for Instagram Business users. The Instagram API is migrating to Facebook graph, so we have implemented authentication through that. The problem is that we don't want ALL Facebook users to be able to authenticate, only Instagram Business accounts.
Is there a way we can configure the OAuth setup so that it only lets in the user type that we want?
Otherwise it seems we would be left to do this within application code after the authentication process is complete, which would be a pretty poor user experience (eject the user after they've authenticated).
We're currently using Firebase to perform the OAuth integration, but would be open to implementing manually if it provides a better user experience.
Related
I'm building an app which acts as a simplified layer of the Facebook Ads manager. It can create ads trough the Facebook marketing api.
There are also other services such as adespresso or manychat which offer such a service.
Now I'm wondering about the following: when a user in my app authenticates, I get a short-lives user-access-token. As far as I understand the documentation, there is no way of refreshing this token. The user would need to login again.
When I look at the above mentioned apps however, I stay authenticated. I don't have to re-authenticate each time I'm using the app. So does anyone have a suggestion of how to do it like them?
I wish to implement an Instagram feed reader for my website. A reader that will show my Instagram feed in a unique interactive manner without asking the user to login to Instagram. Is there a way for me to do this reliably using Instagram APIs or their new Instagram Business APIs?
Current options and their caveats:
1. The Instagram v1 API found here (https://www.instagram.com/developer/)
requires user to authenticate. There is no way for an application to use grant_type=client_credentials to acquire a token and make API calls.
The tokens generated don't seem to expire but a note says they may expire any time, making a solution that uses a manually generated token unreliable.
https://www.instagram.com/developer/authentication/
2. Instagram Business accounts API found here (https://developers.facebook.com/docs/instagram-api/)
requires an Instagram business account, and at the same time the queries to media endpoint seem to require User Access Token, which again requires a user to login for generation/renewal of token. (https://developers.facebook.com/docs/instagram-api/reference/media/)
I'm aware of endpoints like https://www.instagram.com/{username}/media/, but this is undocumented and can disappear any moment.
I will highly appreciate any help, or recommendation to implement such a feed that does not require a user to generate authentication tokens.
as it is said in Instagram API doc:
In your application, you should have each user go through an authentication and authorization flow in order to receive a valid access_token.
so I can see just too ways:
use '/media' end-point until it is blocked (i believe it is relatively reliable, because anything can disappear one day, not just undocumented things)
authenticate yourself on instagram, and use your own access_token for API requests, as it is done in several popular tools for getting instagram recent posts
I'm developing a mobile API and I would like to allow mobile users to log in to my mobile application using their Facebook account.
I've been struggling to find some detailed information regarding this request. Could someone point me in the right direction? I'm using the following Laravel package for OAuth2:
https://github.com/lucadegasperi/oauth2-server-laravel
As I understand, the user clicks the "Login with Facebook" button and then proceeds to authentication. Facebook provides the access token as a result. But how does a user account appear on our server? And to my knowledge, it is our server that should provide an access token which is tied to the user account on our database. Could someone clear this up?
Have you looked at the Facebook mobile sdk guides?
iOS: https://developers.facebook.com/docs/ios
Andriod: https://developers.facebook.com/docs/android/
The package you mention looks like it performs oAuth authentication, and I don't think you need that. If I understand correctly, you should be able to use the Facebook sdk to perform the authentication and tell your app that the user is authenticated. You will have to create a user account for them (for example, add a record to the users table in your database) and store their Facebook ID.
I have a web application that's going to be available for all users on my google domain.
Is there a way of allowing the application to manage user's emails, calendar, etc without requiring the user authorization using the fact that all users are part of the domain?
You will need to have a look into Google Apps 2-Legged OAuth APIs, they will allow you to access/manipulate users data without their authorization.
You can find the list of available 2-Legged OAuth APIs here.
Unfortunately you will see that you cannot do as much with the 2-Legged API as you can with the 3-Legged API. However, 3-Legged OAuth requires the users consent at least once.
Consider the following situation: internet provider has a selfcare site that is integrated with facebook, i.e. user can login toselfcare site using his facebook credentials.
However, when user has not paid for the internet access, he is limited to the provider's only sites (ex. selfcare.provider.com). In this case, facebook integration stops working due to access restrictions.
Question is: is there a way of restricting access to facebook in such a way, so that only login can be enabled?
You want to allow users to authenticate against your app without allowing them to access Facebook itself?
I don't think that will be possible short of applying some custom logic on your end to try to determine if a request to Facebook is for login purposes or to access Facebook itself - there's no API for this.