
React Native Instagram Explicit Authentication

I'm creating a React Native app and adding Instagram authentication to it. I want users to be able to "add" their Instagram accounts to their main user account, so I have a "connect your Instagram" button.

I have this working on my web app fine. The flow is as follows:

  1. User clicks 'connect instagram' button and a new window opens and is directed to https://instagram.com/oauth/authorize/?client_id=xxxx blah blah
  2. User authenticates and Instagram redirects to my REDIRECT_URI with a CODE parameter
  3. My API server takes the CODE parameter and sends a POST request to Instagram with all the credentials.
  4. Instagram verifies this information and gives me the user's ACCESS_TOKEN

Can someone tell me how this is supposed to work in an app?

What's my REDIRECT_URI supposed to be? The server api?

Is it the same flow as my web app? If so, how do I get the users back to my app after the window is closed? How does my app know that the user now has an access token?

Jason asked Oct 29 '22 16:10

1 Answer

With a native application the flow is similar to what you described for the web application.

The Auth0 Mobile + API architecture scenario describes what should happen when you need to authenticate a user for a mobile application and then later access an API on behalf of that user.

Summary

  • you will continue to use the authorization code grant;
  • if the authorization server in question supports it, you should use PKCE (Proof Key for Code Exchange by OAuth Public Clients) for added security;
  • you will need to select how you will receive the code in the native application; you can use a custom scheme com.myinstaapp:, a local web server with the http: scheme or a few other options; (see this answer on OAuth redirect URI for native application for other alternatives)
  • you exchange the code obtained by the native application with an access token in a similar way to what you would do for a web application; (except for the use of client secrets which are in general not useful for native applications as they would be easily leaked)

Additional Information

The flow described in the Auth0 scenario assumes that authentication will happen through an OpenID Connect compliant flow and in addition you'll get the access token as specified by OAuth2. I'm not overly familiar with Instagram so if they only support OAuth2 that part is of course not applicable.

João Angelo answered Nov 02 '22 23:11
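The steps in the summary above, as an added example that is not part of the original answer: PKCE verifier and challenge generation, the authorization URL, validation of the custom-scheme redirect (including a `state` check, which goes beyond what the answer lists), and a token request body with no client secret. It assumes Node's crypto module, an authorization server that accepts PKCE parameters, and a hypothetical `/oauth` path on the `com.myinstaapp:` scheme; `xxxx` is the placeholder client id from the question.

```javascript
// Added example (not from the original page). Endpoint is from the question; redirect path is assumed.
const crypto = require('node:crypto');

const AUTHORIZE_URL = 'https://instagram.com/oauth/authorize/';
const REDIRECT_URI = 'com.myinstaapp:/oauth'; // custom scheme from the answer, path hypothetical

// S256 challenge = BASE64URL(SHA-256(verifier)), unpadded (RFC 7636).
function challengeFor(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Fresh per-login secrets, kept in app memory until the redirect comes back.
function newLoginAttempt() {
  const verifier = crypto.randomBytes(32).toString('base64url'); // 43 characters
  const state = crypto.randomBytes(16).toString('base64url');
  return { verifier, state, challenge: challengeFor(verifier) };
}

function buildAuthorizeUrl(clientId, attempt) {
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: REDIRECT_URI,
    response_type: 'code', state: attempt.state,
    code_challenge: attempt.challenge, code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Called with the URL the OS hands to the app; returns the code or throws.
function codeFromRedirect(incomingUrl, attempt) {
  const url = new URL(incomingUrl);
  const expected = new URL(REDIRECT_URI);
  const ok = url.protocol === expected.protocol && url.pathname === expected.pathname;
  if (!ok) throw new Error('unexpected redirect target');
  if (url.searchParams.get('state') !== attempt.state) throw new Error('state mismatch');
  if (url.searchParams.has('error')) throw new Error(url.searchParams.get('error'));
  const code = url.searchParams.get('code');
  if (!code) throw new Error('no code in redirect');
  return code;
}

// Token request body: the code_verifier takes the place of a client secret.
function tokenRequestBody(clientId, code, attempt) {
  return new URLSearchParams({
    grant_type: 'authorization_code', client_id: clientId,
    redirect_uri: REDIRECT_URI, code, code_verifier: attempt.verifier,
  }).toString();
}
```

In a React Native app the random bytes and SHA-256 would come from whatever crypto library the app bundles; the parameter handling stays the same.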