Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
795 views
in Technique[技术] by (71.8m points)

oauth - Instagram API: do scopes work with OAuth2 implicit authentication flow?

I'm making requests against the Instagram API from a mobile app. Currently, I'm just directing the user to the Instagram auth url and specifying the response type to be "access_token". Specifying this response_type is known as implicit auth.

Explicit auth: response_type=code Implicit auth: response_type=access_token

I'm trying to get around needing to stand up a web service to facilitate explicit auth. This would be necessary because in explicit auth flow, the Instagram API needs to make a call to a redirect URL and pass in a "code" parameter. The code would then be used by my server-side code to make a final request to Instagram for an access token.

It's much more efficient for a mobile app to use implicit flow because no extra privately-maintained auth service needs to be stood up to handle it.

Instagram supports the following scopes:

  • basic - to read any and all data related to a user (e.g. following/followed-by lists, photos, etc.) (granted by default)
  • comments - to create or delete comments on a user’s behalf
  • relationships - to follow and unfollow users on a user’s behalf
  • likes - to like and unlike items on a user’s behalf

When I make any other type of scope specification besides "basic", I get the following response when the user provides the credentials at the auth URL:

{"code": 400, "error_type": "OAuthException", "error_message": "Invalid scope field(s): basic+likes"}

Any combination of scopes other than "basic" gives the same response.

So, my question are these:

  • Is explicit auth required in order to specify scopes beyond "basic"??
  • Do I need to specify response_type=code in order for extended scopes to work?
  • Is this an Instagram limitation, or is it a limitation of OAuth 2.0?

Thanks in advance.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I just tried with implicit oauth flow with my client_id and scope=basic+likes and it worked. Replace the url below with your client_id and redirect_uri, and try.

https://instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT-URI&response_type=token&scope=basic+likes

May be Instagram is not allowing scope other than basic with new client accounts...


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...