CODEWITHSUNDEEP
instagraminstagram-api
Benni
Benni

Reputation: 969

Error from Instagram: The access_token provided is invalid

I setup a website a year ago with an Instagram feed displaying images from an account on the site. It has worked perfectly until last week where i started throwing: Error from Instagram: The access_token provided is invalid. from nowhere.

I looked around and found that (rather logically) I need to re-generate the token. I tried doing so via instagram.pixelunion

while logged in on the admin account. It did not work.

So I tried this one: https://www.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token

And I figured how that site worked was to paste in the clientId into the url afterclient_id=xxxand refreshed the page, but doing that returns:

{"error_type": "OAuthForbiddenException", "code": 403, "error_message": "Implicit authentication is disabled"}

Here's my code for fetching the images (I have a instafeed.min.js also):

    var feed = new Instafeed({
    target: "insta-images",
    get: 'user',
    userId: "xxxxxx",
    clientId: "xxxxxxxxxxxxxxxxxxxxxxxx",
    accessToken: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    resolution: "standard_resolution",
    limit: 8,
    template: '<li id="insta"><a href="{{link}}"><img src="{{image}}"/></a></li>'
});


feed.run();

Upvotes: 3

Views: 9769

Answers (1)

enator
enator

Reputation: 2599

If you look at your application setting:

https://www.instagram.com/developer/clients/{clientId}/edit/ under "security"; You would have Disable implicit OAuth checked. which is described as:

Disable the Client-Side (Implicit) OAuth flow for web apps. If you check this option, Instagram will better protect your application by only allowing authorization requests that use the Server-Side (Explicit) OAuth flow. The Server-Side flow is considered more secure. See the Authentication documentation for details.

To solve the error you are facing: Implicit authentication is disabled you need to use server side auth. That is response_type=code rather response_type=token in your request.

Extra details on the difference in OAuth 2.0 for response_type:

response_type=code will give you the temporary code and you use token endpoint to receive token from the code (https://www.instagram.com/developer/authentication/):

curl -F 'client_id=CLIENT_ID' \
-F 'client_secret=CLIENT_SECRET' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=AUTHORIZATION_REDIRECT_URI' \
-F 'code=CODE' \
https://api.instagram.com/oauth/access_token

Upvotes: 1

Related Questions