omniauth / omniauth-instagram Goto Github PK

Navigating to /auth/instagram/callback#access_token=********************* doesnt seem to do the trick.

I get the following error:

OAuth2::Error at /auth/instagram/callback:
{"code": 400, "error_type": "OAuthException", "error_message": "You must provide a code"}

Any clue how to solve this?

I'm using:

    omniauth-instagram (1.0.2)
      omniauth (~> 1)
      omniauth-oauth2 (~> 1)
    omniauth-oauth2 (1.3.1)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)

ERROR -- omniauth: (instagram) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

I don't know if this is helpful but found that this issue happens when you send along state and on callback it doesn't match.

And this is my callback url - Started
GET "/auth/instagram/callback?code=xxxxxxxxx&state=yyyyyyyy"

And my omniauth initializer setup is pretty vanilla too:

provider :instagram, OauthSecrets.instagram.client_id, OauthSecrets.instagram.client_secret

I assume this setup sends a state along? I know it's optiona but would be surprised if we're not doing this already?

Anyways, please let me know if you have any suggestions?

Thanks :)

If we see the instagram doc, they are not returning the user email anymore, it causes problems with the default devise configuration.

I am authenticating using OmniAuth with both Twitter and Instagram. Twitter is working well.

When I start the authentication process with the /auth/instagram request, OmniAuth is not including the client_id in the authorization header.

I have initialized OmniAuth as:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, ENV.fetch('TWITTER_CONSUMER_KEY'), ENV.fetch('TWITTER_CONSUMER_SECRET')
  provider :instagram, ENV.fetch('INSTAGRAM_CLIENT_ID'), ENV.fetch('INSTAGRAM_CLIENT_SECRET')
end

When I send the /auth/instagram request, it returns:

{"code": 400, "error_type": "OAuthException", 
 "error_message": "You must include a valid client_id, response_type, and redirect_uri parameters"}

and shows the request uri without my client_id:

https://www.instagram.com/oauth/authorize?client_id=&redirect_uri=http://demo.herokuapp.com/auth/instagram/callback&response_type=code&scope=basic&state=952ced9482ccf34faf3e09cffd40f59548f3c5a539499723

Is there a way to force a new login like Twitter allows by going something like:

  :authorize_params => {
    :force_login => 'true',
    :lang => 'pt'
  }

I'm needing to force authorization/login each time a user tries to access my client, doesn't matter if they already did it or not. Is this possible? I've search everywhere and looked at other API's ways of doing it but it didn't work for Instagram.

Hi,

I am working on a new application utilizing IG's OAuth, and keep running in to this error when hitting IG's authentication api in development:

{
  "error_type": "OAuthException",
  "code": 400,
  "error_message": "Invalid redirect_uri"
}

I tried pushing the code to Heroku and everything works, so I know my setup on FB developer console should be fine.

I am assuming it's an https issue, and is attempting to use ngrok as work around.

Is there a better way to work with IG's authentication in development environment?

Thanks

Hey guys,

I am currently trying to set a OAuth connexion via Instagram and I found this gem. I successfully plugged it for Facebook, linkedin and Google + but I am currently struggling with Instagram connexion.

The reason is that I get this error when I click on "Authorize" on the Instagram connexion page

ERROR -- omniauth: (instagram) Authentication failure! user_denied: OmniAuth::Strategies::OAuth2::CallbackError, access_denied | The user denied your request.

I hence get redirect to my failure method:

Parameters: {"error_reason"=>"user_denied", "error"=>"access_denied", "error_description"=>"The user denied your request.", "state"=>"d54f932ff4bada3abd784e39886b96d324f753929d410d97"}

Here is how I configured my provider in my devise.rb file :

config.omniauth :instagram, instagram_id, instagram_secret, {
    scope: "basic"
  }

Nothing fancy going on here.
Here are the version of the gems that I am using :

omniauth-instagram (1.3.0)
      omniauth (~> 1)
      omniauth-oauth2 (~> 1)

I tried looking it up but I couldn't find any related solutions.

Thanks for your feedback

Hi,

I've set up an Instagram app/client and Valid redirect URIs for my instagram app is like the following:

http://127.0.0.1.xip.io:3000/dashboard/omni/auth/instagram/callback

I've started to get Redirect URI doesn't match original redirect URI error.

Here is the backtrace:

I, [2015-11-27T13:34:10.883170 #10189]  INFO -- omniauth: (instagram) Callback phase initiated.
[httplog] Connecting: api.instagram.com:443
[httplog] Sending: POST http://api.instagram.com:443/oauth/access_token
[httplog] Data: client_id=11111&client_secret=22222&code=XXXXX&grant_type=authorization_code&redirect_uri=http://127.0.0.1.xip.io:3000/dashboard/omni/auth/instagram/callback?code=XXXXX&state=33333
[httplog] Status: 400
[httplog] Benchmark: 0.20239810000020952 seconds
[httplog] Response:
{"code": 400, "error_type": "OAuthException", "error_message": "Redirect URI doesn't match original redirect URI"}
E, [2015-11-27T13:34:11.487103 #10189] ERROR -- omniauth: (instagram) Authentication failure! invalid_credentials: OAuth2::Error, : 
{"code": 400, "error_type": "OAuthException", "error_message": "Redirect URI doesn't match original redirect URI"}

After digging around, I've noticed that if I remove query string from redirect_uri which is ?code=XXXXX&state=33333, it works like a charm. However, according to Instagram API Documentation(http://instagram.com/developer/authentication/) it is possible to use query parameters.

In order to remove query string from redirect_uri, I had to add the following method to omniauth-instagram-1.0.1/lib/omniauth/strategies/instagram.rb file:

def query_string
  ''
end

But, I'm not sure if this is the best solution. Is this a bug or is there a problem with my settings? This gem used to work before.

Thanks.

-Ozgun.

Description

As per the documentation, basic scope is now deprecated and is now instagram_basic

References

• https://developers.facebook.com/docs/permissions/reference/instagram_basic

I'm using Omniauth with Devise. It's not documented how to specify your scopes, and it does not appear to follow the convention used by facebook, github and others. So if it helps anyone, here's how you'd specify your desired permissions:

config.omniauth :instagram, XXX, YYY, scope: %w(basic public_content follower_list)

The scope expects an array, or something that can be cast to an array.
Had me stumped for a moment till I dug through source.

Hello,

I have created the client in instagram developer, and using the client_id and secret in env file in the local application. It works perfectly fine. But when I deployed to Heroku, and created the new keys and redirect_url it is not setting client_id in URL, when redirecting to auth page.

PS: I have even created the OAuth from Heroku and added it to my app, still no luck.
https://github.com/heroku/heroku-cli-oauth

Please somebody help me.

Hi!

Sorry for a stupid question,
previously I used omniauth-twtter and passed configurations like this:

client = Twitter::REST::Client.new do |config|
config.consumer_key = "YOUR_CONSUMER_KEY"
config.consumer_secret = "YOUR_CONSUMER_SECRET"
config.access_token = "YOUR_ACCESS_TOKEN"
config.access_token_secret = "YOUR_ACCESS_SECRET"
end

and then I used it like client.user("gem")

How can I get the same thing with omniauth-instagram?

Thanks!

currently it is dependent on omniauth version ~1.0 but the omniauth version 1.9.1 has reported high severity CVE and we need to update the omniauth version to ~2.0

Is there anyway that we can specify the scope of the authentication?

Thanks

Hi folks - would it be possible to cut a release to ruby gems? A commit merged recently contains an update of underlying dependencies and it would be of assistance if this could be published as such.

I appreciate the effort and your time : )

Not sure if it's outta date or what, but it covers absolutely nothing. Instagram API is super problematic and maybe not necessarily due to this library.

When trying to authenticate to Instagram, I am receiving a html response: Page Not Found (This page could not be loaded. If you have cookies disabled in your browser, or you are browsing in Private Mode, please try enabling cookies or turning off Private Mode, and then retrying your action).

Anybody else facing this problem?

No route matches [GET] "/oauth/authorize"

I suspect this has to do with the callback?

I am having trouble accessing the access token that is required on all api calls to get any data. The credentials['token'] does not work for me. Any insights on where in the maybe the request.env is would be? I can get the token through postman using https://api.instagram.com/oauth/authorize/?client_id=#{ENV['INSTAGRAM_ID']}&redirect_uri=REDIRECT_URI&response_type=token but it comes back in the cookies. All of the documentation that I see says to just get it the once. But wouldn't it expire?

EDIT: Sorry to have wasted time. I got it to work, haha.

Hi.

I am keep getting error:

undefined method `info' for nil:NilClass

and do not know where to start digging :(

Might be worth adding how to work with scopes as well as a link to this extremely buried form you must fill out if you'd like to use liking, commenting, or relationship post requests. https://help.instagram.com/contact/185819881608116

Will work on the a push request, if needed.

When omniauth-oauth2 upgraded to 1.1.0 (from 1.0.3 previously) the omniauth-instagram couldn't process the callback url properly and would just give a OmniAuth::Strategies::OAuth2::CallbackError.

A quick work around:
update your gem file to give the specific version of omniauth-oauth2
gem 'omniauth-oauth2', '1.0.3'

If you use omniauth-facebook you'll need to specify it's version as well because the latest version of omniauth-facebook works with omniauth-oauth2 1.1.0 and not 1.0.3. So update your omniauth-facebook gem line to:
gem 'omniauth-facebook', '1.4.0'

run 'bundle update omniauth-oauth2'

I get this error undefined method [] for nil:NilClass when redirecting from instagram.
The error comes from omniauth-instagram (1.3.0) lib/omniauth/strategies/instagram.rb:22

I traced the error and figured out instagram does not return user field. It returns user_id, so instagram.rb:50 returns nil.

I saw there was an attempt to fix this - #42, but for some reason that PR was closed.

Is this going to be fixed soon? The gem does not seem to be usable now.

Hi,

i have succesfully integrated the gem. The only small issue is that the callback url send to instagram is http, even when the site is delivered in https only.
Is it possible to generate a https callback uri that is send to instagram?

TIA
Steffen

I'm having a hard time setting this thing up. Maybe I'm doing something wrong or possibly missing a step. I'm new to rails so I appreciate any help.

1. First I added gem 'omniauth-instagram', '~> 1.0.1' to my gem file
2. Run bundle install inside terminal
3. Add

use OmniAuth::Builder do
  provider :instagram, ENV['INSTAGRAM_ID'], ENV['INSTAGRAM_SECRET']
end

to config/initializers/omniauth.rb file
4. To test it out, I added <%= link_to "Sign in with Instagram", "/auth/instagram" %> inside my views.

I keep getting an error saying that route does not exist. (/auth/instagram)

Please help.

With instagram api becoming a part of facebook, is this strategy still valid or should I use facebook one (or write a custom one to access instagram data through facebook api)?

It is still trying to authenticate through old instagram api, but I think that this is only before they disable it?

Are there plans to allow this gem to use new api?

@ropiku What are your thoughts on moving this over to the omniauth organization so that this gem can be appropriately maintained moving forward.

I'm happy to get that process going.