Using Instagram for Social Login in ForgeRock Access Management 7.0

‍

Instagram API uses OAuth 2.0 protocol for authentication and authorization. All of the requests are made over SSL. Instagram authentication requests require an access token.

Create an Instagram App & Get Client ID & Client Secret

In order to use Instagram for social logins we need to first create an Instagram app and get the client id and client secret by following the steps below:

1. Create a Developer account with Facebook https://developers.facebook.com/apps
2. Go to “My Apps” and “Create an Application”, Select Type:  “Build Connected Experiences”
3. Go to Instagram Basic Display, and select “Set Up”
4. In the Valid redirect URL add: https://am.example.com:18443/am/oauth2c/OAuthProxy.jsp
5. Deauthorize Callback URL (must be https): This is the URL that will be called when a user wants to revoke using their Instagram to login.
6. Data Deletion Request URL (must be https): A link the user is able to go to when asking you to delete their data off of your application.

Add Instagram Test User to App

To add our Instagram test user to our app:

1. Remaining on our Facebook Developer App dashboard, on the left-hand side select Roles > Roles
2. Scroll down to the section “Instagram Testers” and type in the Instagram username
3. Once added, go to Instagram via web browser and login, if you haven’t already.
4. On the top right, click on the account profile picture > Settings
5. Click on “Apps and Websites” on the left side, and change tab to “Tester Invites Tab”.
6. Click “Accept”

Configure in ForgeRock Access Management

We now need to create an authentication module and then an authentication chain which will use the Instagram authentication module.

After the  Instagram app is created with client id and client secret:

1. Click on Authentication -> Modules
2. Create a new authentication module

• Name: “Instagram”
• Type: Legacy OAuth 2.0 / OpenID Connect
• Note: There is a “Social Auth Instagram” module type, however as of AM 7.0.0  this has not been updated

   3.   Select “Create”

   4.   Field values:

• Client Id: Id from the Instagram app
• Client Secret: From the Instagram app
• Authentication End Point URL: https://api.instagram.com/oauth/authorize
• Access Token EndPoint: https://api.instagram.com/oauth/access_token
• User Profile Service: https://graph.instagram.com/me?fields=id,username
• Scope: user_profile, user_media

                Can also be just user_profile

• OAuth2 Access Token Profile Service Parameter name: acces_token
• Proxy URL: https://am.example.com:18443/am/oauth2c/OAuthProxy.jsp

                 Note that this link is automatically generated by ForgeRock, but must match your                   valid redirect URL specified in Facebook.

    5.  Account Mapper Configuration: id=uid

    6.  Attribute Mapper Configuration: username=givenName id=uid username=sn (can be           customized according to your setup)

 Instagram will only return id, and username. If email is required for an account,                   disable “Create account if it does not exist”. Also, disable “Prompt for password                   setting and activation code”

    7.  OpenID Connect validation configuration type: client_secret

    8.  Go to Authentication > Chains

    9.  Add Chain

                 Name: InstagramChain

   10.  Add a Module

    11.  Select “Instagram” module. “Select Criteria” can be set to optional.

Add Login Icon

After creating the new module and chain in ForgeRock, we need to add a login icon on the main page of the website that ForgeRock Access Management is protecting. The steps are as follows:

1. Click on Services -> Social Authentication Implementation (or create it)
2. Add “Instagram” to Display names as (Map Key – Corresponding Map Value) = (“Instagram” – “Instagram”)
3. In the Authentication Chains section, add (Map Key – Corresponding Map Value) = (“Instagram” – “InstagramChain”)
4. In the Icons section, add (Map Key – Corresponding Map Value) = (“Instagram” – “url to Instagram image”)

                 If you do not wish to place an icon, leave the “value” to be blank.

   5.  In the Enabled Implementations section, add “Instagram” as a new value.

        To see the Instagram logo, you will need to logout of the app being protected. You          should then see the Instagram logo on the login page. If you don’t see it, restart your          instance.

Congratulations, you should now be able to use your new Instagram social authentication.

Note: A blog entry was originally written in 2016, providing instruction for all the steps (from start to end) on using Instagram for Social Login in ForgeRock Access Management.  In this blog entry, we have updated the instructions to be compatible with ForgeRock Access Management version 7.0 and the current version of Instagram.

‍

‍