Using Instagram for Social Login in ForgeRock Access Management 7.0
The Instagram API uses the OAuth 2.0 protocol for authentication and authorization. All requests are made over SSL. Instagram authentication requests require an access token.
Create an Instagram App & Get Client ID & Client Secret
To use Instagram for social logins, we first need to create an Instagram app and get the client ID and client secret by following the steps below:
1. Create a Developer account with Facebook: https://developers.facebook.com/apps
2. Go to “My Apps” and “Create an Application”, then select Type: “Build Connected Experiences”
3. Go to Instagram Basic Display, and select “Set Up”
4. In the Valid redirect URL, add: https://am.example.com:18443/am/oauth2c/OAuthProxy.jsp
5. Deauthorize Callback URL (must be https): This is the URL that will be called when a user revokes the use of their Instagram account to log in.
6. Data Deletion Request URL (must be https): A link the user can go to when asking you to delete their data from your application.
Add Instagram Test User to App
To add our Instagram test user to our app:
1. Remaining on our Facebook Developer App dashboard, on the left-hand side select Roles > Roles
2. Scroll down to the section “Instagram Testers” and type in the Instagram username
3. Once added, go to Instagram via a web browser and log in, if you haven’t already.
4. On the top right, click on the account profile picture > Settings
5. Click on “Apps and Websites” on the left side, and change to the “Tester Invites” tab.
Configure in ForgeRock Access Management
We now need to create an authentication module and then an authentication chain which will use the Instagram authentication module.
After the Instagram app is created with client id and client secret:
1. Click on Authentication -> Modules
2. Create a new authentication module
    Type: Legacy OAuth 2.0 / OpenID Connect
    Note: There is a “Social Auth Instagram” module type; however, as of AM 7.0.0 this has not been updated.
3. Select “Create”
4. Field values:
    Client Id: Id from the Instagram app
    Client Secret: From the Instagram app
    Authentication End Point URL: https://api.instagram.com/oauth/authorize
    Access Token EndPoint: https://api.instagram.com/oauth/access_token
    User Profile Service: https://graph.instagram.com/me?fields=id,username
    Scope: user_profile, user_media (can also be just user_profile)
    OAuth2 Access Token Profile Service Parameter name: access_token
    Note that this link is automatically generated by ForgeRock, but must match your valid redirect URL specified in Facebook.
5. Account Mapper Configuration: id=uid
6. Attribute Mapper Configuration: username=givenName id=uid username=sn (can be customized according to your setup)
Instagram will only return id, and username. If email is required for an account, disable “Create account if it does not exist”. Also, disable “Prompt for password setting and activation code”
7. OpenID Connect validation configuration type: client_secret
8. Go to Authentication > Chains
9. Add Chain
10. Add a Module
11. Select “Instagram” module. “Select Criteria” can be set to optional.
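The OAuth 2.0 exchange that these field values drive, as an added Python example (not ForgeRock's code and not from the original post): it builds the authorization redirect, accepts the callback only on the registered redirect URL with a matching state, prepares the token and profile requests, and applies the mapper entries. The function names, client values and sample profile are constructed for illustration, and the request parameters follow the standard authorization code flow rather than AM internals.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints from the module fields above; access_token is the Graph API's token parameter.
AUTHORIZE = "https://api.instagram.com/oauth/authorize"
TOKEN = "https://api.instagram.com/oauth/access_token"
PROFILE = "https://graph.instagram.com/me?fields=id,username"
REDIRECT = "https://am.example.com:18443/am/oauth2c/OAuthProxy.jsp"
TOKEN_PARAM = "access_token"

def authorize_url(client_id, state, scope="user_profile,user_media"):
    """Step 1: the browser is redirected to Instagram with a one-time state."""
    q = {"client_id": client_id, "redirect_uri": REDIRECT, "scope": scope,
         "response_type": "code", "state": state}
    return AUTHORIZE + "?" + urlencode(q)

def code_from_callback(callback_url, expected_state):
    """Step 2: take the code only from the registered URL with a matching state."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT:
        raise ValueError("callback does not match the registered redirect URL")
    q = parse_qs(parts.query)
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in q:
        raise ValueError("no authorization code in callback")
    return q["code"][0]

def token_request(client_id, client_secret, code):
    """Step 3: endpoint and form fields POSTed server-side for the access token."""
    return TOKEN, {"client_id": client_id, "client_secret": client_secret,
                   "grant_type": "authorization_code", "redirect_uri": REDIRECT, "code": code}

def profile_url(access_token):
    """Step 4: profile call; the token travels in the configured parameter."""
    return PROFILE + "&" + urlencode({TOKEN_PARAM: access_token})

def map_attributes(profile, mappings):
    """Step 5: apply 'remote=local' mapper entries to the profile response."""
    pairs = (m.split("=", 1) for m in mappings)
    return {local: profile[remote] for remote, local in pairs if remote in profile}

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # fresh per login attempt
    print(authorize_url("CONSTRUCTED_CLIENT_ID", state))
    print(map_attributes({"id": "1784140000", "username": "test_user"},  # constructed profile
                         ["id=uid", "username=givenName", "username=sn"]))
```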
Add Login Icon
After creating the new module and chain in ForgeRock, we need to add a login icon on the main page of the website that ForgeRock Access Management is protecting. The steps are as follows:
1. Click on Services -> Social Authentication Implementation (or create it)
2. Add “Instagram” to Display names as (Map Key – Corresponding Map Value) = (“Instagram” – “Instagram”)
3. In the Authentication Chains section, add (Map Key – Corresponding Map Value) = (“Instagram” – “InstagramChain”)
4. In the Icons section, add (Map Key – Corresponding Map Value) = (“Instagram” – “url to Instagram image”)
    If you do not wish to place an icon, leave the “value” blank.
5. In the Enabled Implementations section, add “Instagram” as a new value.
To see the Instagram logo, you will need to log out of the app being protected. You should then see the Instagram logo on the login page. If you don’t see it, restart your instance.
Congratulations, you should now be able to use your new Instagram social authentication.
Note: A blog entry was originally written in 2016, providing instruction for all the steps (from start to end) on using Instagram for Social Login in ForgeRock Access Management. In this blog entry, we have updated the instructions to be compatible with ForgeRock Access Management version 7.0 and the current version of Instagram.