I am working on an application that integrates with Instagram API to access the user information. I successfully fetch the Access Token using the authorize url but unable to fetch the userId using access_token url:
i am tried both the endpoints:
https://api.instagram.com/oauth/access_token?client_id=48275564e2c445f6b8e1356djfha3e0c&client_secret=ab2062da9f314e3489dke7ae9cbe6e5d&redirect_uri=http://localhost&grant_type=authorization_code
https://api.instagram.com/oauth/access_token
with the post body as:
client_id=48275564e2c445f6b8e1356djfha3e0c&client_secret=ab2062da9f314e3489dke7ae9cbe6e5d&redirect_uri=http://localhost&grant_type=authorization_code&code=1351860224.4827556.5dc92c4d15ea4a4ea1b0d33eaf0eef19
(The data in the request is modified), But i am getting the follwing
{
"code": 400,
"error_type": "OAuthException",
"error_message": "No matching code found."
}
I have seen tons of queries and questions but could not find any solution to the problem.
The couple of questions i have is:
1) is the field code in the URL is same as access_token, if not how could i get the code field's value.
2) is there any other mechanism(API) to fetch the user details given the username is not known.
Please help me as i am completely stuck and running out my deadlines.
For me unchecking Disable implicit OAuth in instagram developer -> manage clients fixed the issue
I found that using either form-data or application/x-www-form-urlencoded works fine. The most important is the code you get from redirect uri is only used by one request. It means you could request the access token once for the code. If the you request more than one time with same code, you'll get the error like this:
{
code: 400,
error_type: "OAuthException",
error_message: "Matching code was not found or was already used."
}
Wish you all the best ;)
Try to urlEncode the redirect_uri param to
http%3A%2F%2Flocalhost
And your code param contains the "." character which might be a error.
code=1351860224.4827556.5dc92c4d15ea4a4ea1b0d33eaf0eef19
might caused the problem
"error_message": "No matching code found."
"5dc92c4d15ea4a4ea1b0d33eaf0eef19" seems to be the correct code
I got same error. It seems that instagram's spam system disable user's access to any non-official application. Just change user's password. In my case it was help.
Also try create another application.
UPD
From my answer to another question
It looks like users get more than one code, and you see first code, but need second. Try relogin users, if you gets error. User will not see instagram page with confirm button, just redirections.
Possible algorithm of error:
1. User click auth link.
2. Get first code.
3. User click auth link (twice, redirection problem, public auth system, etc.)
4. Get another code (even on the same client_id, redirect_uri).
5. You get first code.
6. But first code already doesn't exists.
The problem is here that need redirect url set as http://localhost/signin-instagram
signin-instagram part is very important
So go to Instagram.com/developer ->Manage Client-> Security -> Valid redirect URIs set with that end http:/../signin-instagram
Off late instagram python snippet fails due to missing content-type HTTP header
response, content = http_object.request(url, method="POST", body=data,headers = {"Content-type": "application/x-www-form-urlencoded"})
adding application/x-www-form-urlencoded worked for me
I will mention what worked for me.
Step 1. Generate a new client secret from you panel.
Step 2. Follow the step 1 mentioned here to obtain the code again.
Step 3. Send the request again with the changed parameters.
Make sure you are logged in the browser when you send the request. You will get the required response.
Go into Facebook for Developers > Your app. Click on "Roles" and add an Instagram test-account under "Instagram Testers".
Log into instagram.com and go to: Settings > Security > Apps and Websites, where you will accept the test invitation.
Prepare your URL link, which you will paste into the web browser. Make sure to use a valid redirect URI from "Valid OAuth Redirect URIs" from the Instagram Basic Display settings.
If you did everything right, the Instagram tester account for the app, will have the option to gain access to user_profile,user_media. Continue the process to get the code which you can exchange for a short-lived access token.
Related
We are implementing the Sign In with Apple functionality for web application. We are following the ReST based approach. The authorization call is working fine and we are getting the 'code' and 'state' values on the return request object. But I am not getting the customer info.
Authorization end point : https://appleid.apple.com/auth/authorize
The user info section is completely missing on the apple doc. Is anyone know which endpoint to hit for getting the user info and what is the request format.
I have tried the token API call from Apple and I'm getting the response as 'unsupported_grant_type'
Endpoint : appleid.apple.com/auth/token
Header : svc.addHeader("Content-Type", "application/x-www-form-urlencoded");
Body :
{'client_id' : client_id, 'client_secret_key' : client_secret_key,
'grant_type' : grant_type, 'code' : code, 'redirect_uri' : redirect_uri}
grand_type value we set as 'authorization_code'.
Response service=AppleSignInTokenService status=ERROR errorCode=400 errorMessage={"error":"unsupported_grant_type"}
Please let me know where I'm going wrong.
If you getting 400 error, check the redirect URL exist at Service ID redirect section or not. Make sure the client id is the same as the Service ID Identifier or not.
If you getting 200, but no user information returns. That could be you already do sign in with apple with your site, you could go to https://appleid.apple.com/account/manage, then click APPS & WEBSITES USING APPLE ID under security. If you see your site then click stop using Apple ID. Now, when you back to the site to do sign in again, the user information will be included. Seems like apple only returns user information on first time.
Bummer, something went wrong
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=test&redirect_uri=http://test.custom.com/abc/linkedin&state=DCEeFWf45A53sdfKef424asgTyhgTR5
when I use the above url I am getting "Bummer, something went wrong.
We're having difficulty connecting."
you need to add Sign In with LinkedIn permission in product tabs
from the app settings page go to the product tab and add Share on linkedin and Signin with linkedin to get the following permissions r_emailaddress, r_liteprofile, w_member_social
Hello I had a similar problem and I fixed it by doing this ;
You have to ensure that everything in your APP page ( https://www.linkedin.com/developer/apps ) matches the parameters in your authorization URL . SO for example in your case , https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=test&redirect_uri=http://test.custom.com/abc/linkedin&state=DCEeFWf45A53sdfKef424asgTyhgTR5 ;
You would have to ensure that your client_id in the auth URL matches the Client-Id on your APP page and also ensure that the redirect_uri you specified in your auth URL has been authorized on your app page as shown below . If you are passing in scopes as well, also ensure that they match perfectly . As you can see in the image below , my redirect_uri has been authorized from my app page .
Recreate a application after 12/15/2018 solved the problem for me.
(Any developer application created through the LinkedIn Developer Portal after December 15, 2018 automatically has access to the v2 API.) https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq?context=linkedin/consumer/context
I ran into same issue.
Changing value of redirect_uri in linkedin app from http to https helped solved the issue. See picture below:
In your case, url should have been:
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=test&redirect_uri=https://test.custom.com/abc/linkedin&state=DCEeFWf45A53sdfKef424asgTyhgTR5 ;
The best is to inspect how is the link generated by linkedin developer tool for you and then you just have to change the redirect url
https://www.linkedin.com/developers/tools/oauth
then "create token" then select all permission and click on "Request access token"
if you have the development window open you can see a query authorisation is done, then you can just copy this url and change the redirect_url.
]1
so for me
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=myclientid&redirect_uri=myredirectid&scope=r_emailaddress%2Cr_liteprofile%2Cw_member_social&state=e6c0e1c8-1a35-478f-8eea-b0412a6675c9
I am facing an issue regarding account linking in Actions on Google:
I am able to authenticate the user and access his email address and username however after this how can I redirect the user back to the google assistant and close the browser where he was authenticated?
Any help will be appreciated!
Update: Hey Prisoner thanks a lot for that.
I did what you said and yeah now it does redirect to google.com but without result_code=SUCCESS when I test it in the simulator.
The link is:
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=z77fWbjQGIXxvATs_oqwBA
Now if I type talk to... again it shows me the message you need to link your account!
In the device the browser automatically closes and it shows SIGNING_IN however when I type an intent it is not recognized.
It would be great if you could point me in the right direction! (I am not sure but I might be at the token exchange stage that you mentioned, but I don't have a clue how to proceed!)
Update 2: As requested the entire flow that I am following:
This is the URL that I receive from debugInfo:
https://assistant.google.com/services/auth/handoffs/auth/start?account_name=cha***#gmail.com&provider=***_dev&scopes=email&return_url=https://www.google.com/
When I paste this in the browser the request that I receive at the authorization endpoint is:
ImmutableMultiDict([
('response_type', 'code'),
('client_id', ****.apps.googleusercontent.com'),
('redirect_uri', 'https://oauth-redirect.googleusercontent.com/r/****'),
('scope', 'email'),
('state', ' CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)')
])
The response (redirect_url) that I send back:
https://accounts.google.com/o/oauth2/v2/auth?scope=email&response_type=code&redirect_uri=https%3A%2F%2F******.herokuapp.com%2Fcallback%2Fgoogle&client_id=****.apps.googleusercontent.com
When it reaches my endpoint again the request arguments are:
ImmutableMultiDict([
('code', '4/***********')
])
Now I am able to access the email address and other details
The url that I redirect to from here:
https://oauth-redirect.googleusercontent.com/r/****?code=abcdefgh&state=CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)
This redirects me to :
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=5c_fWdfKNYndvASO7o6ACA
Edit 3: I checked the network logs:
result_code=FAILURE&result_message=Account+linking+failed
I also added /token/google as the token URL in AoG. It is detected in heroku however I never receive this request in my code.
Note: I am using python flask and hosting my app on heroku
Once you have authenticated the user, you'll need to return a temporary auth code back to Google. Later, Google will exchange this auth code for an access token and a refresh token, but you're not there yet. The important part is that this code needs to be unique and that, later, you'll be able to recognize what user it is for. The code should be valid for a limited time - 10 minutes is a generally accepted time frame.
In the request Google sent to you as part of the login, they've provided a redirect_uri and a state as parameters. You'll need to use these in your reply. (state can be anything - you shouldn't care what it is, you're just going to send it back with your redirect. Its purpose is to improve security by preventing replay attacks.)
Verify that the redirect_uri has the form
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID
Where YOUR_PROJECT_ID is... you guessed it, the ID of your project. You can find this in the cloud console.
You'll then redirect the user to this URL with a few additional parameters:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID?code=AUTHORIZATION_CODE&state=STATE_STRING
Where YOUR_PROJECT_ID is as noted above, AUTHORIZATION_CODE is the code you've generated, and STATE_STRING is the value of the state parameter that you were sent in the request.
For details, you can see https://developers.google.com/actions/identity/oauth2-code-flow#handle_user_sign-in
I want to create an access token for my foursquare app.
I've tried it with an PHP library and runscope.com
I always geht this message from foursquare, after I've clicked on "create token" (please note, I translated this text from German into English):
"Connection failed: This app hast got an configuration problem and couldn't make a connection to your facebook-account.
Cause of Error: Callback uri is not valid for this consumer."
I think the callback uri is the redirect uri - but that doesn't work. Is this false? What have I to do?
Can anybody help me or have an idea?
Thank you very much!
Make sure that the redirect_uri in your OAuth URL matches exactly what you have in your app settings page on Foursquare.
I am working on a Rails application which is in development mode and it can register with omniauth.
The host is
http://localhost:3000/
I'm using the gems:
gem 'omniauth'
gem 'omniauth-foursquare'
gem 'omniauth-instagram'
When I register through omniauth with Foursquare there's no problem at all. All the settings are right and my redirect_uri in the Foursquare developer settings equals to the host (localhost:3000)
However, if I fill in the exact same redirect_uri (localhost:3000) in the Instagram client manager*. Instagram gives me this:
{
"code": 400,
"error_type": "OAuthException",
"error_message": "Redirect URI does not match registered redirect URI"
}
Based upon this URL:
https://instagram.com/oauth/authorize?response_type=code&client_id=<ID>&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Finstagram%2Fcallback&state=18415adf24dd97873e61094f67c0fb7a94857fedf93e9d2e&scope=basic
*
What am I doing wrong according to Instagram and how should this be fixed?
Fixed the issue myself. Added localhost:3000/auth/instagram/callback as redirect_uri and it worked just fine.
When you specify a redirect URI http://localhost:3000 is not the same as http://localhost:3000/ (note the trailing slash).
Make sure the callback URI matches exactly.
I needed to add
http://localhost:3000/users/auth/instagram/callback
as my callback URI because I'm using Devise.
For Drupagram module (Drupal 7) added: http://localhost:3000/instagram/oauth as redirect_uri
For anyone that is having this issue and the redirect uri provided to instagram is exactly the same as the one you're using, i've found that some users were typing my website address as http://www.example.com/login when in my instagram api it was http://example.com/login.
Then I created a php script to detect if the string www exists in my url and then reload to the same page but without the www.
if(strpos($_SERVER['HTTP_HOST'], 'www.') !== FALSE) {
header("Location: ".str_replace('www.', '', $_SERVER['HTTP_HOST'].'/'.$_SERVER['REQUEST_URI']));
}
Issue: Oauth2 Instagram API “redirect URI does not match registered redirect URI
My Solution: Please check ng-cordova-oauth.js file and check instagram function in that. Verify redirect_uri value is same as register your application on developer console for Instagram.If it is same it works properly,otherwise you get the above issue.
{"error_type": "OAuthException", "code": 400, "error_message": "Redirect URI does not match registered redirect URI"}
How to get Access token from instagram
Your website url must be same when registering sandbox clien api on instagram https://www.instagram.com/developer/
here we used website url: https://adlivetech.com
Valid redirect URIs: https://adlivetech.com/
For live website you can get Access token easily by using https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
Replace above url "CLIENT-ID" with your client ID
Replace above url "REDIRECT-URI" redirect url should be your domain name like: http://adlivetech.com
https://adlivetech.com/access_token=YOUR_ACCESS_TOken
I mucked around with this for ages..
perhaps it has changed but:
http://localhost:3000/users/auth/instagram/int_callback
was the callback URI that finally worked for me.
The ONLY issue i was having was that it was exactly an incorrect callback uri and wish I had seen here that I should be focusing on my Instagram setup instead of modifying my code.. to get the error message means everything else is working (so far), otherwise you would not be getting that particular error message.
Good luck!! - don't get distracted!
This isn't a ruby-specific but for anyone else wrestling w/this here's what got me past it (note: nothing in above answers worked for me):
1. Edit your Client on Instagram Developer and uncheck Disable implicit OAuth.
2. Click Update Client to save it.
3. Now go to https://instagram.com/oauth/authorize/?client_id=[CLIENT_ID]&redirect_ur.... Just change [CLIENT_ID] and [REDIRECT_URI] with their values.
4. After that you will be redirected to [REDIRECT_URI]/#access_token=[ACCESS_TOKEN]. Get it and place it on the Instagram Access Token textbox.
(Source: https://www.drupal.org/project/instagram_feeds/issues/2140479)
...Or you can follow the instructions here:
https://instagram.com/developer/authentication/?hl=en
See "Step One: Direct your user to our authorization URL" section.
Just simply supply your CLIENT_ID and REDIRECT_URI.
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code