Using Instagram for Social Login in OpenAM

Instagram API uses OAuth 2.0 protocol for authentication and authorization. All of the requests are made over SSL. Instagram authentication requests require an access token.


Changes in OAuth2 Module

The authentication flow of Instagram is little bit different than  Facebook and Google. Instagram requires the access token be sent as a  query string to retrieve the private information whereas Google and  Facebook sends the access token as authorization header. Hence, it  requires a small change in the OpenAM OAuth2 Authentication Module to handle Instagram access tokens.

The change is outlined in this below:



Responses

The Facebook and Instagram GET responses also differ and as hence, they need to be handled accordingly in the OpenAM configuration.


The Facebook response is very simple and looks like:


Whereas the Instagram response is a more complex structure of nested maps. It resembles the following example:


OpenAM Configuration for Handling the Instagram ResponseIn order to use Instagram for social logins we need to first need to create an Instagram app and get the client id and client secret.


  1. Go to https://www.instagram.com/developer/
  2. Click on Register Your Application.
  3. Provide Application name, description, company name.
  4. In the Website URL add your OpenAM url i.e.  https://openam.example.com:18443
  5. In the Valid redirect URIs add  https://openam.example.com:18443/openam/oauth2c/OAuthProxy.jsp
  6. Fill in the other required fields and get the client id and client secretAfter getting the client id and secret from Instagram,  we need to create an authentication module and then an authentication chain which will use the Instagram authentication module.


Steps:

  1. Click on Authentication -> Modules
  2. Create a new authentication module “Instagram”.
  3. Field values:Client Id: Id from instagram appClient Secret: instagram appAuthentication End Point URL: https://api.instagram.com/oauth/authorizeAccess Token EndPoint: https://api.instagram.com/oauth/access_tokenUser Profile Service:  https://api.instagram.com/v1/users/selfScope: Can be basic, public_content, follower_list, comments, relationships, and likes.Oauth2 Access Token Profile Service Parameter Name: access_tokenAccount Mapper Configuration: data.id=uidAttribute Mapper Configuration: data.full_name=givenName data.id=uid data.full_name=sn (can be customized according to requirement)
  4. Create a new chain “InstagramChain” and add “Instagram” module as required.


After creating the new module and chain, we need to add a login icon on the main page.

Steps:

  1. Click on Services -> Social Authentication Implementation.
  2. Add “Instagram” to Display names as (Map Key – Corresponding Map Value) = (“Instagram” – “Instagram”)
  3. In the Authentication Chains section, add (Map Key – Corresponding Map Value) = (“Instagram” – “InstagramChain”)
  4. In Icons section, add (Map Key – Corresponding Map Value) = (“Instagram” – “url to Instagram image”)
  5. In Enabled Implementations section, add “Instagram” as new value.


Logout and then you can see Instagram logo below your login form on the main page.


“Congratulations, now you should be able to use your new Instagram social authentication.”