I'm trying to wrap my mind around something. I want to create a web service that accesses a database from an iOS/Android app. Now I want the user to be able to log into the app through the Instagram API.
I'm a bit confused as to how they tie together. Obviously step one is to log in with Instagram. What do I do then? I would like to save the user information I receive (let's say at least the username/ID) to the database with some other info that doesn't come from Instagram, like the location. All that in a secure way. Can I use the Instagram token for this? I'm a bit stuck on this process...
After you complete step 3 of the Instagram authorization, which is pretty simple and I won't talk about it since your question is how to integrate Instagram data with your database, you should receive the following JSON:
    {
        "access_token": "fb2e77d.47a0479900504cb3ab4a1f626d174d2d",
        "user": {
            "id": "1574083",
            "username": "snoopdogg",
            "full_name": "Snoop Dogg",
            "profile_picture": "..."
        }
    }
What you do with the data is a matter of architecture:
1) Your user may authorize through Instagram or regular username/password
Create a user table that has both a password field and an Instagram user_id:
Your user table might be like:
    CREATE TABLE users (
        id INT AUTO_INCREMENT NOT NULL,
        username VARCHAR(255) NOT NULL,
        password VARCHAR(255) DEFAULT NULL,              -- store a password hash, never the plaintext
        instagram_userid BIGINT DEFAULT NULL,            -- BIGINT: Instagram ids can exceed the 32-bit INT range
        instagram_accesstoken VARCHAR(255) DEFAULT NULL,
        PRIMARY KEY(id)
    );
Anytime a user authenticates through Instagram you should:
2) Instagram is your only user choice for authenticating
You should then just create a user table that is only a mirror of the Instagram API return. You can treat instagram_userid as your primary key:
    CREATE TABLE users (
        username VARCHAR(255) NOT NULL,
        instagram_userid BIGINT NOT NULL,                -- primary key columns cannot be NULL
        instagram_accesstoken VARCHAR(255) DEFAULT NULL,
        PRIMARY KEY(instagram_userid)
    );
Account merging
If your application handles both username/password authentication and maybe other authentication providers, you should expect that a user might forget that he registered through your app with, let's say, Instagram Auth, and try to authenticate through username/password. If this happens, you might provide a way to merge the accounts, instead of duplicating them. For example, if the user's Instagram email exists in your database as a username, you should update this row with the Instagram API data, instead of assuming it's a new account. In this way, your user can now authenticate both with username/password and Instagram.
Access token
The Instagram access token is stored, but not used. Why? Because it would be used for fetching Instagram data, like the user's posts, friends list, etc. If you want to do it, you should not assume the token is valid, because it might expire, so you should handle token expiration and provide a way for the user to authenticate again.
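The following is an added example, not part of the original answer: one way to handle the "user authenticates through Instagram" step and the account merging described above, using parameterized queries. It assumes SQLite instead of MySQL; the function name `login_with_instagram`, the `verified_email` merge key and the UNIQUE constraints are hypothetical additions, not something the answer specifies.

```python
import sqlite3

# First schema from the answer, adapted to SQLite (assumption; the page uses MySQL).
# UNIQUE constraints are added here so one identity can never map to two rows.
SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,
    password TEXT DEFAULT NULL,  -- password hash; NULL for Instagram-only users
    instagram_userid INTEGER DEFAULT NULL UNIQUE,
    instagram_accesstoken TEXT DEFAULT NULL
);
"""

def login_with_instagram(db, resp, verified_email=None):
    """Map a parsed Instagram token response to a local users.id.

    verified_email is a hypothetical merge key: the sample response has no
    email field, so the caller must obtain and verify it before passing it.
    """
    ig_id = int(resp["user"]["id"])  # rejects non-numeric ids with ValueError
    token = resp["access_token"]
    with db:  # one transaction: commit on success, roll back on error
        # 1. Returning Instagram user: look up by the stable id, refresh token.
        row = db.execute(
            "SELECT id FROM users WHERE instagram_userid = ?", (ig_id,)).fetchone()
        if row:
            db.execute("UPDATE users SET instagram_accesstoken = ? WHERE id = ?",
                       (token, row[0]))
            return row[0]
        # 2. Account merging: link an existing password row, never a row that
        #    is already bound to another Instagram id.
        if verified_email is not None:
            row = db.execute(
                "SELECT id FROM users WHERE username = ? AND instagram_userid IS NULL",
                (verified_email,)).fetchone()
            if row:
                db.execute(
                    "UPDATE users SET instagram_userid = ?, instagram_accesstoken = ?"
                    " WHERE id = ?", (ig_id, token, row[0]))
                return row[0]
        # 3. First login: new row. A username clash raises sqlite3.IntegrityError
        #    instead of attaching this login to someone else's account.
        cur = db.execute(
            "INSERT INTO users (username, instagram_userid, instagram_accesstoken)"
            " VALUES (?, ?, ?)", (resp["user"]["username"], ig_id, token))
        return cur.lastrowid
```

The lookup key is always the numeric Instagram id, because the Instagram username is not an identity your own system has verified.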