Search code examples
phpcurloauthinstagraminstagram-api

Authenticating with OAuth for Instagram without requiring a pop-up window

I'm trying to use OAuth for Instagram to authenticate, planning to use PHP and cURL. The first step is retrieving a "code" e.g:

fd7d5f6cde6c47e4a86ba28b22ac4583

I've worked with the Twitter API before and it works in a similar way. I exchange the code for an access_token and then I can authenticate.

The issue is that the way to authenticate is to hit a button on a window that says "I give permission". Here is that window:

enter image description here

My question : is there a way to do this without requiring hitting this URL?

For example, is there a way for me to automate this process using my script? When I worked with Twitter, I was able to use cURL to go to this link and pass the authentication, to then retrieve this code.

This is part of a project that will only be used by me essentially to retrieve my own recent instagrams. I don't want visitors to my site to be presented with having to hit "authorise" every time they turn up.

At the moment I'm simply doing this, is there anything I can add to the URL to automatically authorise?

$auth_request_url = 'https://api.instagram.com/oauth/authorize/?client_id='.$client_id.'&redirect_uri='.$redirect_url .'&response_type=code';
/* Send user to authorisation */
header("Location: ".$auth_request_url);

Below is an example of the code that works but only once:

$url = "https://api.instagram.com/oauth/access_token";
    $access_token_parameters = array(
        'client_id'                =>     $client_id,
        'client_secret'            =>     $client_secret,
        'grant_type'               =>     'authorization_code',
        'redirect_uri'             =>     $redirect_url,
        'code'                     =>     $code
    );

$curl = curl_init($url);    // we init curl by passing the url
    curl_setopt($curl,CURLOPT_POST,true);   // to send a POST request
    curl_setopt($curl,CURLOPT_POSTFIELDS,$access_token_parameters);   // indicate the data to send
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);   // to return the transfer as a string of the return value of curl_exec() instead of outputting it out directly.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);   // to stop cURL from verifying the peer's certificate.
    $result = curl_exec($curl);   // to perform the curl session
    curl_close($curl);   // to close the curl session

    $arr = json_decode($result,true);

I got the $code from the end of the URL manually. But it expires after one use. So I need to work out how to run and retrieve the $code each time I want to execute the script.

Solution

  • The approval should only be required the first time that your client asks a user for it and there's no way to avoid that. You're obtaining information from an end user and it would be a huge security hole if clients could get that information or permissions from users without requiring their explicit approval at least once. But after the first time, consent should be stored and reused for your client.