-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to new Instagram APIs #441
Comments
Martin, just FYI Instagram states that their API should not be used from now on as an authentication method as noticed in: https://developers.facebook.com/docs/instagram-basic-display-api
Even though they claim that, you COULD still update the nuget to use the new API to authenticate. The problem is they now have a strict validation process to let you use their API in production which involves sending them videos explaining how are you using their API. Maybe it is time to consider deprecating the instagram OAuth nuget. Let me know your thoughts! |
Ah, interesting. I hadn't thoroughly read the documentation yet. If that is indeed the case that it shouldn't be used for OAuth authentication, then we probably would deprecate it. I'll make a more informed assessment when I take a look at the documentation properly. Thanks Mateo 👍 |
My research and review of the new Instagram Basic Display APIs also confirms what @mateolevy mentioned above. It looks like the OAuth authentication for Instagram has been deprecated. Here is a helpful blog post from Facebook about this Instagram change. https://developers.facebook.com/blog/post/2020/03/10/final-reminder-Instagram-legacy-api-platform-disabled-mar-31/ Here is a quote from the blog Thanks ALL for the help and insight into this issue. |
Just taken the time to look myself, and yep, indeed looks like OAuth with Instagram is no longer a thing. @kevinchalet - shall I delete the Instagram provider from the code base and add something to the README to that effect that it's now deprecated and obsolete? We could also mark the NuGet package as deprecated. |
@martincostello I'm not familiar enough with Instagram (for which I don't even have an account 😅), but if I read the link @lukefulliton shared correctly, it seems they still support OAuth 2.0 for pure authorization (which is its original role). While our handlers are generally used for authentication (well, Maybe we shouldn't deprecate the package but just tell folks that Instagram doesn't want them to use it as a login mechanism? |
hmm or deprecate it and warn on package consumption (on package restore / update) that they do not want it to be used as a login mechanism? That way it ensures that they have actually read the notice clear as day. |
* Add provider documentation index Add an initial documentation index for the providers for #459. * Link to ClientId and ClientSecret Link to the Microsoft documentation for ClientId and ClientSecret. Add missing github.md file. * Link to docs from README Link to the new docs from the README. * Add Amazon docs Add the Amazon provider documentation. * Add provider-specific documentation Add some provider-specific documentation for BattleNet through GitHub. * Add Instagram provider documentation Relates to #441. * Tidy up XML documentation Tidy up some of the XML documentation for the Discord and Instagram options. * More provider documentation Add docs for LinkedIn through to QQ. * Add remaining provider documentation Add documentation for the Reddit through Weibo providers. * Tidy up XML documentation Update some property documentation for consistency and clarity. * Simplify constant usage Add a static for SuperOfficeAuthenticationConstants to make the code lines shorter. * Document Apple provider properties Add documentation for the Apple provider's configuration options. * Link to enumerations Add links to the definition of the different enumerations. * Fix class name Fix incorrect class name being used. * Update index Add the required/optional values for all providers. * Minor docs tidy-up Format string constants as strings. Add link to enum. * Fix typo Use the right kind of apostrophe. * Link to OAuthOptions Add a link to the OAuthOptions class.
Update the Instagram provider to use the Basic Display API. See aspnet-contrib#441.
Update the Instagram provider to use the Basic Display API. See #441.
Hi all... looking into this. And I am so very confused. 😅 I did see that it's deprecated, but the Instagram Display API Application that is created has the look and feel of an Oauth2 application, complete with callback URIs and the lot. Additionally, the endpoints still all work. Although, I am getting a 400 error with invalid scopes message when I use it (that's what led me here):
If the API is not meant for authentication, why does it still have these endpoints and all the configuration fixings for it? Thank you for any clarification/insight you can provide. Facebook-based support is abysmally absent and is nearly impossible to find answers anywhere. Sort of shocking when you consider the scale/size of the organization. |
The short answer is that I don't know. I haven't used the provider beyond testing the changes for the previous deprecation worked. Maybe Instagram have changed something that means that a scope of some kind is required? You'd have to consult the documentation they provide to see what's changed. With so many providers, we can't keep up to date with them all as the services evolve over time, particularly the ones we don't use in our own projects. For example, I only personally use the Amazon, Apple, GitHub and Okta providers. |
I totally get that @martincostello, thank you for your reply here. I am feeling a little overwhelmed with the number of providers I have implemented, myself. 😅 I did a bunch of searching for the 400 error before posting on here, but it was an interesting find here that the package was almost deprecated. All the pieces seem to be there, but this weird scope error. I will continue searching. Thank you again for the assistance. |
As raised in #435, Instagram has deprecated the API we have currently integrated against (copy of the announcement below).
By the end of September 2020, we will need to update the Instagram provider to use the new Basic Display API and/or Graph API so that the provider continues to work.
In the short term, users can workaround the change to the basic permission scope by changing their code to register the provider as below:
This will remove the scope the provider registers by default:
AspNet.Security.OAuth.Providers/src/AspNet.Security.OAuth.Instagram/InstagramAuthenticationOptions.cs
Line 28 in 02e5017
Annoucement
The text was updated successfully, but these errors were encountered: