To get an access token with the Instagram Graph API PHP SDK, users must first login through the Facebook login dialog. Facebook will then send the user back to your redirect uri with a code variable in the url which you then exchange for an access token. We can also debug an access token, check what permissions it has, and revoke permissions on it as well.
Facebook Login Dialog
Display a link for the user to click on and login with Facebook. Once the user logs in with Facebook, Facebook will send them to the redirect uri. The redirect uri in your code must also be entered in the Facebook Login settings of you app under “Valid OAuth Redirect URIs”.
use Instagram\FacebookLogin\FacebookLogin;
$config = array( // instantiation config params
'app_id' => 'FB_APP_ID', // facebook app id
'app_secret' => 'FB_APP_SECRET', // facebook app secret
);
// uri facebook will send the user to after they login
$redirectUri = 'https://path/to/fb/login/redirect.php';
$permissions = array( // permissions to request from the user
'instagram_basic',
'instagram_content_publish',
'instagram_manage_insights',
'instagram_manage_comments',
'pages_show_list',
'ads_management',
'business_management',
'pages_read_engagement'
);
// instantiate new facebook login
$facebookLogin = new FacebookLogin( $config );
// display login dialog link
echo '<a href="' . $facebookLogin->getLoginDialogUrl( $redirectUri, $permissions ) . '">' .
'Log in with Facebook' .
'</a>';
Get Access Token From Code
Once the user logs in through Facebook, Facebook directs them to your redirect uri and appends on a code. For the above example once the user logs in, Facebook would redirect them to “https://path/to/fb/login/redirect.php?code={code}”. We then can exchange this code for the access token.
use Instagram\AccessToken\AccessToken;
$config = array( // instantiation config params
'app_id' => 'FB_APP_ID', // facebook app id
'app_secret' => 'FB_APP_SECRET', // facebook app secret
);
// we also need to specify the redirect uri in order to exchange our code for a token
$redirectUri = 'https://path/to/fb/login/redirect.php';
// instantiate our access token class
$accessToken = new AccessToken( $config );
// exchange our code for an access token
$newToken = $accessToken->getAccessTokenFromCode( $_GET['code'], $redirectUri );
if ( !$accessToken->isLongLived() ) { // check if our access token is short lived (expires in hours)
// exchange the short lived token for a long lived token which last about 60 days
$newToken = $accessToken->getLongLivedAccessToken( $newToken['access_token'] );
}
Debugging Access Tokens
Debugging an access token can get you info on the token like when it expires, if it valid, the permissions, the user id, and more! All you need to provide is the token you want debugged along with a developer or admin user access token for your app.
use Instagram\AccessToken\AccessToken;
$config = array( // instantiation config params
'value' => 'ACCESS_TOKEN', // access token to debug
'access_token' => 'ACCESS_TOKEN' // an admin or developer access token for the app
);
// instantiate our access token class
$accessToken = new AccessToken( $config );
// debug the token
$debug = $accessToken->debug();
Get Access Token Permissions
With the user id and access token you can get a list of the permissions along with their status on the access token
use Instagram\AccessToken\AccessToken;
$config = array(
'user_id' => 'USER_ID',
'access_token' => 'ACCESS_TOKEN'
);
// instantiate our access token class
$accessToken = new AccessToken( $config );
// get permissions
$permissions = $accessToken->getPermissions();
Revoking Access Token Permissions
We can revoke any permissions on an access token. We can revoke individual permissions or we can revoke them all at the same time.
use Instagram\AccessToken\AccessToken;
$config = array(
'user_id' => 'USER_ID',
'access_token' => 'ACCESS_TOKEN'
);
// instantiate our access token class
$accessToken = new AccessToken( $config );
// permissions to revoke (leave blank to revoke all permissions)
$revokePermissionName = '';
// revoke the specified permission (if no name is passed in all permissions will be revoked)
$revoke = $accessToken->revokePermissions( $revokePermissionName );
And that is the functionality built into the Instagram Graph API PHP SDK. I know the Instagram Graph API can be a bit confusing and so I hope this makes dealing with access tokens a bit easier! Well, that is going to do it for this post! Leave any comments/questions below and thanks for stopping by the blog!
Links