When linking with the Instagram Basic Display, our app asks for the user_profile and user_media scopes. When linking, the user can de-select the user_media scope, which defeats the purpose of linking with our app.
I'd like to validate that the user has granted the user_media permissions, but can't figure out a good way to do it.
The Facebook Access Token Debugger is able to display the scopes that were granted when I paste in an IG Basic token.
I've tried using the /debug_token endpoint from the Graph API. It lets me debug Facebook and IG Graph tokens, but not IG Basic:
GET /debug_token?input_token=<token-to-debug>&access_token=<app-access-token>
The "app-access-token" I'm supplying is my Instagram Basic Display app's ID and secret combined together like this: app-id|app-secret
When I do this I get an error saying:
Error validating application. Cannot get application info due to a system error.
The only thing I can think of doing is to try accessing the user's IG media and detecting if it fails w/a permissions error. I'd like to avoid doing this if there is a better way :)
I ended up verifying this with an api request that tries to fetch the last media posted by the user:
(Ruby)
def validate_permissions
params = { access_token: token, fields: ['id'], limit: 1 }
get('https://graph.instagram.com/me/media', params)
end
The get method in this class has an error handler for when the HTTP status >= 400. In the error handler, if the HTTP status is a 403 and the error has a "code" of 190 then we can conclude the user has not granted the permission.
The error message in this scenario is:
Application does not have permission for this action (access user media)