thiagolocatelli / android-instagram-oauth Goto Github PK

OAuth Implementation for Instagram integration

Java 100.00%

android-instagram-oauth's Introduction

Android OAuth Library for Instagram Applications

Usage

You can create an utility class where you can define your application credentials, like the one below:

	public class ApplicationData {
		public static final String CLIENT_ID = "";
		public static final String CLIENT_SECRET = "";
		public static final String CALLBACK_URL = "";
	}

To instantiage the main class for the oauth flow, you need to follow the code below:

	InstagramApp mApp; = new InstagramApp(this, 
		ApplicationData.CLIENT_ID, 
		ApplicationData.CLIENT_SECRET, 
		ApplicationData.CALLBACK_URL);

Once you have the main class ready for the authorization, you can start the authorization flow by calling the following method:

	mApp.authorize();

If you token is expired, you can call this method to refresh it:

	mApp.refreshToken();

To get the account list, call the following method

	mApp.getAccountList();

Contributions

Any contribution to this project is welcome, feel free to fork and create pull requests

Other Android Libraries

Use these libraries also to get the best for your android application

Android ActionBar by Johan Nilsson
Android Pull to Refresh by Johan Nilsson
SwipeView by Jason Fry
Facebook Integration by Lorensius
Twitter Integration by Lorensius
Quick Actions by Lorensius

android-instagram-oauth's People

Contributors

Stargazers

Watchers

android-instagram-oauth's Issues

how to post a image on instragram

Blank White screen on webview

When i tried to login first time, at that time it showing me blank white dialog. So i goes back and try again in that case working fine. So can you help me how can i solved this.

fetchUserName() and java.io.FileNotFoundException

Hello,

I'm trying to use the library and I found a bug in fetchUserName() method - it fails with FileNotFoundException. However, it's easy to fix, just remove the line urlConnection.setDoOutput(true); from the method, because it forces POST request instead of GET.

Thank you for great job, the lib is of great help for me.

Best regards,
Slava Panasenko

Storing CLIENT_SECRET

Cant we get access token via Redirect URL instead of storing the CLIENT_SECRET on client side?

request.

Hello
Excuse me. my English writing is bad.
Because i did not have your email then i create new issue.
i need a SIGNED key that have permission of like.
instagram policy have been changed. and new public app can not access to like endpoint.
Link(http://developers.instagram.com/post/116410697261/publishing-guidelines-and-signed-requests)
your public key in github have like permission
i can buy it from you .( or i can give 15% of my sell to you .) if you reset secret key and enable forced SIGNED and give secret to me.
you can create new key for github library.
i promise you that i use it only in my application.
and my application is valid in (TERMS OF USE) of instagram.

please reply to my message for more speeking about it.
[email protected]

thanks.

Wrong username / password

Hi,

I don't know if this lib is still supported, but a developer used it in my app and I sometimes get a strange behavior at the login: the user gets a wrong username / password even if he types the right data. When trying the same login at the browser on the phone, it works.

Anyone experienced something like that?

Thanks

Compromised Security

According to the documentation of Instagram in case you want to authorize a user without a server side element you should use the "Client-Side (Implicit) Authentication" instead of the "Server-side (Explicit) Flow". As mentioned in the documentation:

"If you are building an app that does not have a server component (a purely javascript app, for instance), you will notice that it is impossible to complete step three above to receive your access_token without also having to store the secret on the client. You should never pass or store your client_id secret onto a client. For these situations there is the Implicit Authentication Flow."

In your solution you are actually storing the client_id secret in the client and using the Server-side (Explicit) Flow which compromises the security of your application.

Am I missing something or is this really a security violation?