[GH-ISSUE #258 ] Instagram login issue #150

Author

Owner

@phimage commented on GitHub (Aug 6, 2016):

In your code I see :
let oauthswift =
and not
self.oauthswift =
so the object could be released

Your version is 0.5.0 or 0.5.1 or 0.5.2?

I don't known about instagram but some provider need you to declare the callbackurl for your application (associated with your secret and consumer key)

state:"INSTAGRAM" : maybe not authorized (in demo app we use random string)

Maybe you can find information in previous issues
https://github.com/OAuthSwift/OAuthSwift/search?q=instagram&type=Issues&utf8=%E2%9C%93

using herokuapp.com is only to test with url scheme oauth-swift (in production use your own app scheme)

@phimage commented on GitHub (Aug 6, 2016): In your code I see : let oauthswift = and not self.oauthswift = so the object could be released Your version is 0.5.0 or 0.5.1 or 0.5.2? I don't known about instagram but some provider need you to declare the callbackurl for your application (associated with your secret and consumer key) state:"INSTAGRAM" : maybe not authorized (in demo app we use random string) Maybe you can find information in previous issues https://github.com/OAuthSwift/OAuthSwift/search?q=instagram&type=Issues&utf8=%E2%9C%93 using herokuapp.com is only to test with url scheme oauth-swift (in production use your own app scheme)

kerem commented

Author

Owner

@floriangbh commented on GitHub (Aug 6, 2016):

Thank your for your response !

This is the cocoapod 0.5.0 version.

Firstly I'm not able to use the demo app with instagram, I do not undestrand the redirection URI which I need to put in the project and in Instagram dev website...
Can you give me an example with step for user Instagram connect with the demo app ? (except for API key)

I can't put oauth-swift://oauth-callback/instagram in Instagram website like in this post for exemple : https://github.com/OAuthSwift/OAuthSwift/issues/53

With this code (in demo app) :

        let state: String = generateStateWithLength(20) as String
        self.oauthswift = oauthswift
        oauthswift.authorize_url_handler = get_url_handler()
        oauthswift.authorizeWithCallbackURL( NSURL(string: "http://oauthswift.herokuapp.com/callback/instagram")!, scope: "basic", state:state, success: {
            credential, response, parameters in
            print("pass")
            self.showTokenAlert(serviceParameters["name"], credential: credential)
            self.testInstagram(oauthswift)
            }, failure: { error in
                print(error.localizedDescription)
        })

It pass in success callback, with "No access_token, no code and no error provided by server"... :'(

@floriangbh commented on GitHub (Aug 6, 2016): Thank your for your response ! This is the cocoapod 0.5.0 version. Firstly I'm not able to use the demo app with instagram, I do not undestrand the redirection URI which I need to put in the project and in Instagram dev website... Can you give me an example with step for user Instagram connect with the demo app ? (except for API key) I can't put oauth-swift://oauth-callback/instagram in Instagram website like in this post for exemple : https://github.com/OAuthSwift/OAuthSwift/issues/53 With this code (in demo app) : ``` let state: String = generateStateWithLength(20) as String self.oauthswift = oauthswift oauthswift.authorize_url_handler = get_url_handler() oauthswift.authorizeWithCallbackURL( NSURL(string: "http://oauthswift.herokuapp.com/callback/instagram")!, scope: "basic", state:state, success: { credential, response, parameters in print("pass") self.showTokenAlert(serviceParameters["name"], credential: credential) self.testInstagram(oauthswift) }, failure: { error in print(error.localizedDescription) }) ``` It pass in success callback, with "No access_token, no code and no error provided by server"... :'(

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 6, 2016):

"I can't put oauth-swift://oauth-callback/instagram in Instagram website"

I'm having the exact same problem as Instagram tries to force an absolute URI that starts with http or https. Just sent them a message, will post here if I get a meaningful response.

@ZsoltMaslanyi commented on GitHub (Aug 6, 2016): "I can't put oauth-swift://oauth-callback/instagram in Instagram website" I'm having the exact same problem as Instagram tries to force an absolute URI that starts with http or https. Just sent them a message, will post here if I get a meaningful response.

kerem commented

Author

Owner

@floriangbh commented on GitHub (Aug 6, 2016):

Nice, waiting for your response, thank's :-)

But I think there are other way with 0AuthSwift... I just don't don't understand how does it work...

@floriangbh commented on GitHub (Aug 6, 2016): Nice, waiting for your response, thank's :-) But I think there are other way with 0AuthSwift... I just don't don't understand how does it work...

kerem commented

https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL

Author

Owner

@phimage commented on GitHub (Aug 6, 2016):

@phimage commented on GitHub (Aug 6, 2016): https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 7, 2016):

Thanks @phimage !

@ZsoltMaslanyi commented on GitHub (Aug 7, 2016): Thanks @phimage !

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 9, 2016):

Hey guys,

Thanks to @phimage 's link on the HTTP only callback URL I was able to move forward, but got stuck with a weird phenomenon that's the same as @terflogag 's original problem.

When trying to do implicit auth for Instagram, after a successful authentication (logging in with a Sandbox user) Instagram's response does not include an access token and there's no error messages either.

I wrote my own server app so I can have a valid callback URL that I can monitor, and weirdly enough the "state" parameter gets passed along from Instagram, but no access token and no error messages.

I've tried using various authorize_url_handlers, I've tried the original demo app, I've downloaded the sample server app that does the redirect and deployed it again thinking the problem was with my own server solution, but the result is the same.

Any help would be greatly appreciated!

@ZsoltMaslanyi commented on GitHub (Aug 9, 2016): Hey guys, Thanks to @phimage 's link on the HTTP only callback URL I was able to move forward, but got stuck with a weird phenomenon that's the same as @terflogag 's original problem. When trying to do implicit auth for Instagram, after a successful authentication (logging in with a Sandbox user) Instagram's response does _not_ include an access token and there's no error messages either. I wrote my own server app so I can have a valid callback URL that I can monitor, and weirdly enough the "state" parameter gets passed along from Instagram, but no access token and no error messages. I've tried using various authorize_url_handlers, I've tried the original demo app, I've downloaded the sample server app that does the redirect and deployed it again thinking the problem was with my own server solution, but the result is the same. Any help would be greatly appreciated!

kerem commented

Author

Owner

@ejpusa-zz commented on GitHub (Aug 10, 2016):

If you start from scratch with the IG demo on the site, it does work.
OAuth2 is super complex. Plus your mobile is a moving target.

Think adding OAuth2 to an existing App is a bit tough. But starting first
with a working OAuth2 app, totally bare-bones, and than building out from
there has worked for me.

Bare-Bare-Bare bones. :-)

On Tue, Aug 9, 2016 at 4:29 PM, Zsolt Maslanyi notifications@github.com
wrote:

Hey guys,

Thanks to @phimage https://github.com/phimage 's link on the HTTP only
callback URL I was able to move forward, but got stuck with a weird
phenomenon that's the same as @terflogag https://github.com/terflogag
's original problem.

When trying to do implicit auth for Instagram, after a successful
authentication Instagram's response does not include an access token
and there's no error messages either.

I wrote my own server app so I can have a valid callback URL that I can
monitor, and weirdly enough the "state" parameter gets passed along from
Instagram, but no access token and no error messages.

I've tried using various authorize_url_handlers, I've tried the original
demo app, I've downloaded the sample server app that does the redirect and
deployed it again thinking the problem was with my own server solution, but
the result is the same.

Any help would be greatly appreciated!

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/OAuthSwift/OAuthSwift/issues/258#issuecomment-238680684,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABOHS8o4G4gGOWa389z-pSNq63FOlUARks5qeOMUgaJpZM4Jdwon
.

@ejpusa http://twitter.com/ejpusa

@ejpusa-zz commented on GitHub (Aug 10, 2016): If you start from scratch with the IG demo on the site, it does work. OAuth2 is super complex. Plus your mobile is a moving target. Think adding OAuth2 to an existing App is a bit tough. But starting first with a working OAuth2 app, totally bare-bones, and than building out from there has worked for me. Bare-Bare-Bare bones. :-) On Tue, Aug 9, 2016 at 4:29 PM, Zsolt Maslanyi notifications@github.com wrote: > Hey guys, > > Thanks to @phimage https://github.com/phimage 's link on the HTTP only > callback URL I was able to move forward, but got stuck with a weird > phenomenon that's the same as @terflogag https://github.com/terflogag > 's original problem. > > When trying to do implicit auth for Instagram, after a successful > authentication Instagram's response does _not_ include an access token > and there's no error messages either. > > I wrote my own server app so I can have a valid callback URL that I can > monitor, and weirdly enough the "state" parameter gets passed along from > Instagram, but no access token and no error messages. > > I've tried using various authorize_url_handlers, I've tried the original > demo app, I've downloaded the sample server app that does the redirect and > deployed it again thinking the problem was with my own server solution, but > the result is the same. > > Any help would be greatly appreciated! > > — > You are receiving this because you are subscribed to this thread. > Reply to this email directly, view it on GitHub > https://github.com/OAuthSwift/OAuthSwift/issues/258#issuecomment-238680684, > or mute the thread > https://github.com/notifications/unsubscribe-auth/ABOHS8o4G4gGOWa389z-pSNq63FOlUARks5qeOMUgaJpZM4Jdwon > . ## --- @ejpusa http://twitter.com/ejpusa

kerem commented

Author

Owner

@floriangbh commented on GitHub (Aug 10, 2016):

Even with the demo I stay stuck with "No access_token, no code and no error provided by server"...

I will try again tonight, and post here if it work.

@floriangbh commented on GitHub (Aug 10, 2016): Even with the demo I stay stuck with "No access_token, no code and no error provided by server"... I will try again tonight, and post here if it work.

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 10, 2016):

@ejpusa: Thanks for chiming in!

As I mentioned, even the demo app didn't work for me.

I've registered a new Instagram client on their dev site, which only accepts callback URLs starting with http. Thanks to @phimage 's wiki on that issue ( https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL ) I've deployed the demo server app that's on this wiki, registered it as a callback URL and had the same result: I successfully log in with a sandbox user, Instagram calls the registered callback URL but there's no access token and no error messages. Strangely enough it does pass the "state" parameter it was called with.

@ZsoltMaslanyi commented on GitHub (Aug 10, 2016): @ejpusa: Thanks for chiming in! As I mentioned, even the demo app didn't work for me. I've registered a new Instagram client on their dev site, which only accepts callback URLs starting with http. Thanks to @phimage 's wiki on that issue ( https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL ) I've deployed the demo server app that's on this wiki, registered it as a callback URL and had the same result: I successfully log in with a sandbox user, Instagram calls the registered callback URL but there's no access token and no error messages. Strangely enough it does pass the "state" parameter it was called with.

kerem commented

Author

Owner

@floriangbh commented on GitHub (Aug 11, 2016):

I tred again, same problem...

with :

let state: String = generateStateWithLength(20) as String
        self.oauthswift = oauthswift
        oauthswift.authorize_url_handler = get_url_handler()
        oauthswift.authorizeWithCallbackURL( NSURL(string: "http://oauthswift.herokuapp.com/callback/instagram")!, scope: "basic", state:state, success: {
            credential, response, parameters in
            self.showTokenAlert(serviceParameters["name"], credential: credential)
            self.testInstagram(oauthswift)
            }, failure: { error in
                print(error.localizedDescription)
        })

in the demo app (juste change URL and scope), and same url in Instagram dev center.

With this I successfully log in but have "No access_token, no code and no error provided by server"

@floriangbh commented on GitHub (Aug 11, 2016): I tred again, same problem... with : ``` let state: String = generateStateWithLength(20) as String self.oauthswift = oauthswift oauthswift.authorize_url_handler = get_url_handler() oauthswift.authorizeWithCallbackURL( NSURL(string: "http://oauthswift.herokuapp.com/callback/instagram")!, scope: "basic", state:state, success: { credential, response, parameters in self.showTokenAlert(serviceParameters["name"], credential: credential) self.testInstagram(oauthswift) }, failure: { error in print(error.localizedDescription) }) ``` in the demo app (juste change URL and scope), and same url in Instagram dev center. With this I successfully log in but have "No access_token, no code and no error provided by server"

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 11, 2016):

@phimage @terflogag : Hey guys, this might be a real issue. Anyone we could notify to take a look if they have the time? (I'll try to look at the source myself but I'm not familiar with it)

@ZsoltMaslanyi commented on GitHub (Aug 11, 2016): @phimage @terflogag : Hey guys, this might be a real issue. Anyone we could notify to take a look if they have the time? (I'll try to look at the source myself but I'm not familiar with it)

kerem commented

Author

Owner

@phimage commented on GitHub (Aug 11, 2016):

sorry I have no access to a mac os environment for the moment (holiday)
The error "No access_token, no code and no error provided by server" occurs in :
authorizeWithCallbackURL function l73 in OAuth2Swift.swift
there is a local variable responseParameters filled with URL query or/and fragment

if you can put a breakpoint on var responseParameters = [String: String](), I am interested in url value
then responseParameters value after query + fragment addition (6 lines after)

@phimage commented on GitHub (Aug 11, 2016): sorry I have no access to a mac os environment for the moment (holiday) The error "No access_token, no code and no error provided by server" occurs in : `authorizeWithCallbackURL` function l73 in OAuth2Swift.swift there is a local variable `responseParameters` filled with URL query or/and fragment if you can put a breakpoint on `var responseParameters = [String: String]()`, I am interested in `url` value then `responseParameters` value after query + fragment addition (6 lines after)

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 11, 2016):

@phimage Thanks for the hint!

I'll give it a look tomorrow and post my findings.

In the meantime, enjoy your holiday! :)

@ZsoltMaslanyi commented on GitHub (Aug 11, 2016): @phimage Thanks for the hint! I'll give it a look tomorrow and post my findings. In the meantime, enjoy your holiday! :)

kerem commented

Author

Owner

@parthjdabhi commented on GitHub (Aug 12, 2016):

@phimage i have also applied same, and get state parameter only in callback url

@parthjdabhi commented on GitHub (Aug 12, 2016): @phimage i have also applied same, and get state parameter only in callback url

kerem commented

Author

Owner

@phimage commented on GitHub (Aug 12, 2016):

Instead of redirecting to callback URL with error filled, maybe instagram just return some json. (not correct oauth flow... but maybe only for configuration error...)
Trying with web browser to authentificate (because I have no access to mac computer) using url
https://www.instagram.com/oauth/authorize/?client_id=MyID&redirect_uri=http://oauthswift.herokuapp.com/callback/instagram&response_type=token

{
code: 403,
error_type: "OAuthForbiddenException",
error_message: "Implicit authentication is disabled"
}

So I edit my application client in instagram and uncheck "Disable implicit OAuth" to make response_type=token working (see https://www.instagram.com/developer/authentication/ Client-Side (Implicit) Authentication )

I change the callback url to http://localhost also to test and I receive
http://localhost/#access_token=XXXX
so the data was in url fragment

Also, be sure to uncheck the "Disable implicit OAuth" box or else this method will not work.

@phimage commented on GitHub (Aug 12, 2016): Instead of redirecting to callback URL with error filled, maybe instagram just return some json. (not correct oauth flow... but maybe only for configuration error...) Trying with web browser to authentificate (because I have no access to mac computer) using url https://www.instagram.com/oauth/authorize/?client_id=MyID&redirect_uri=http://oauthswift.herokuapp.com/callback/instagram&response_type=token ``` swift { code: 403, error_type: "OAuthForbiddenException", error_message: "Implicit authentication is disabled" } ``` So I edit my application client in instagram and uncheck "Disable implicit OAuth" to make response_type=token working (see https://www.instagram.com/developer/authentication/ Client-Side (Implicit) Authentication ) I change the callback url to http://localhost also to test and I receive http://localhost/#access_token=XXXX so the data was in url fragment **Also, be sure to uncheck the "Disable implicit OAuth" box or else this method will not work.**

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 12, 2016):

@phimage : Thanks for looking into it!

I think I've found the problem: Both me and @terflogag were using a server-side redirect to get the token, but the access token is getting sent as an URL fragment. (it's after a hashmark)

An URL fragment is meant to be used by the browsers only, to point to an anchor within a document. As it doesn’t affect which resource is returned from the server the anchor part never makes it into the URL on the server side.

I'm not sure how I'm going to work around this just yet, but huge thanks to @phimage for shedding light to the problem! I owe you a beer :)

UPDATE:

I just hooked up everything to an internal webview and it worked like a charm. From my end the case is closed. Thanks again for the great support!

It might worth adding a one-liner to the http only scheme wiki about Instagram or URL fragments so others won't have to go through this again. Also, maybe adding a link to that wiki to the main documentation would also help as more and more providers use http only schemes.

@terflogag @parthjdabhi : If you guys get stuck doing the internal webview thing I'd be happy to send over a step-by-step guide!

@ZsoltMaslanyi commented on GitHub (Aug 12, 2016): @phimage : Thanks for looking into it! I think I've found the problem: Both me and @terflogag were using a server-side redirect to get the token, but the access token is getting sent as an URL fragment. (it's after a hashmark) An URL fragment is meant to be used by the browsers only, to point to an anchor within a document. As it doesn’t affect which resource is returned from the server the anchor part never makes it into the URL on the server side. I'm not sure how I'm going to work around this just yet, but huge thanks to @phimage for shedding light to the problem! I owe you a beer :) UPDATE: I just hooked up everything to an internal webview and it worked like a charm. From my end the case is closed. Thanks again for the great support! It might worth adding a one-liner to the http only scheme wiki about Instagram or URL fragments so others won't have to go through this again. Also, maybe adding a link to that wiki to the main documentation would also help as more and more providers use http only schemes. @terflogag @parthjdabhi : If you guys get stuck doing the internal webview thing I'd be happy to send over a step-by-step guide!

kerem commented

https://github.com/OAuthSwift/OAuthSwift/wiki/Instagram

Author

Owner

@phimage commented on GitHub (Aug 13, 2016):

@phimage commented on GitHub (Aug 13, 2016): https://github.com/OAuthSwift/OAuthSwift/wiki/Instagram

kerem commented

Author

Owner

@ZsoltMaslanyi commented on GitHub (Aug 13, 2016):

@phimage: Awesome!

Please add one more line, something like: "Use the internal web browser technique to access the token. (See the demo app on how to do it). The server redirect technique won't work as the token is in an url fragment which doesn't make it into the URL when calling a server app."

@ZsoltMaslanyi commented on GitHub (Aug 13, 2016): @phimage: Awesome! Please add one more line, something like: "Use the internal web browser technique to access the token. (See the demo app on how to do it). The server redirect technique won't work as the token is in an url fragment which doesn't make it into the URL when calling a server app."

kerem commented

Author

Owner

@phimage commented on GitHub (Aug 19, 2016):

e35c7a2 point out where to handle callback url in iOS demo if no application scheme configured and want to handle in webview directly (only OSX use that method)

@phimage commented on GitHub (Aug 19, 2016): e35c7a2 point out where to handle callback url in iOS demo if no application scheme configured and want to handle in webview directly (only OSX use that method)

kerem commented

Author

Owner

@carobeta commented on GitHub (Oct 26, 2016):

It's possible make Instagram login from the app and not from the browser?

Thanks!

@carobeta commented on GitHub (Oct 26, 2016): It's possible make Instagram login from the app and not from the browser? Thanks!

kerem commented

Author

Owner

@phimage commented on GitHub (Oct 26, 2016):

@carobeta please read the readme.md, authorize url handler

@phimage commented on GitHub (Oct 26, 2016): @carobeta please read the readme.md, authorize url handler

kerem commented

https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL

Author

Owner

@saityoukou commented on GitHub (Nov 22, 2016):

i find below solution work fine.

1.set dummyCallbackUrl to swift.
static let instagramDummyCallbackUrl = "http://xxxx.jp/redirect-instagram.html"

2.also set instagram develop -> security-> Valid redirect URIs:
"http://xxxx.jp/redirect-instagram.html"

3.use dummyCallbackUrl to call OauthSwift.authrize (i use old version:0.4.8)
oauthswift.authorizeWithCallbackURL(NSURL(string: OAuthApi.instagramDummyCallbackUrl)!, scope: "basic", state: "INSTAGRAM", success: {

4.use @phimage -> "Handle a specific URL into delegate" wiki.

below is my code.

func webView(webView: UIWebView, shouldStartLoadWithRequest request: NSURLRequest, navigationType: UIWebViewNavigationType) -> Bool {
    let urlString = request.URL!.absoluteString
    if urlString.hasPrefix("\(OAuthApi.instagramDummyCallbackUrl)") {
        OAuthSwift.handleOpenURL(request.URL!)
        self.dismissWebViewController()
    }
    return true
}

that work!!

@saityoukou commented on GitHub (Nov 22, 2016): i find below solution work fine. 1.set dummyCallbackUrl to swift. static let instagramDummyCallbackUrl = "http://xxxx.jp/redirect-instagram.html" 2.also set instagram develop -> security-> Valid redirect URIs: "http://xxxx.jp/redirect-instagram.html" 3.use dummyCallbackUrl to call OauthSwift.authrize (i use old version:0.4.8) oauthswift.authorizeWithCallbackURL(NSURL(string: OAuthApi.instagramDummyCallbackUrl)!, scope: "basic", state: "INSTAGRAM", success: { 4.use @phimage -> "Handle a specific URL into delegate" wiki. https://github.com/OAuthSwift/OAuthSwift/wiki/API-with-only-HTTP-scheme-into-callback-URL below is my code. func webView(webView: UIWebView, shouldStartLoadWithRequest request: NSURLRequest, navigationType: UIWebViewNavigationType) -> Bool { let urlString = request.URL!.absoluteString if urlString.hasPrefix("\(OAuthApi.instagramDummyCallbackUrl)") { OAuthSwift.handleOpenURL(request.URL!) self.dismissWebViewController() } return true } that work!!

kerem commented

Author

Owner

@nitrag commented on GitHub (Jul 27, 2017):

Who has working code with SafariURLHandler that is able to handle the URL Fragment?

@nitrag commented on GitHub (Jul 27, 2017): Who has working code with `SafariURLHandler` that is able to handle the URL Fragment?

kerem commented

Author

Owner

@phimage commented on GitHub (Jul 27, 2017):

@nitrag the wiki page about instagram say to use a webview delegate in an internal web browser
so I think we cannot do anything with SafariURLHandler except If we find a way to be notified for each url loaded in SFSafariViewController. I don't see in the delegate any callback for that, only for initial url

@phimage commented on GitHub (Jul 27, 2017): @nitrag the wiki page about instagram say to use a webview delegate in an internal web browser so I think we cannot do anything with SafariURLHandler except If we find a way to be notified for each url loaded in SFSafariViewController. I don't see in the delegate any callback for that, only for initial url

kerem commented