league/oauth2-instagram

Instagram OAuth 2.0 Client Provider for The PHP League OAuth2-Client

Maintainers

👁 stevenmaguire

Package info

github.com/thephpleague/oauth2-instagram

pkg:composer/league/oauth2-instagram

Statistics

Installs: 1 103 310

Dependents: 35

Suggesters: 10

Stars: 66

Open Issues: 1

3.1.0 2022-02-09 20:30 UTC

Requires (Dev)

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT 8de83b72498862979c3f296a17b9fc7fdf728622

authorizationclientoauthoauth2instagramauthorisation

This package is auto-updated.

Last update: 2026-06-23 22:18:02 UTC

README

👁 Latest Version
👁 Software License
👁 Build Status
👁 Coverage Status
👁 Quality Score
👁 Total Downloads

This package provides Instagram OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require league/oauth2-instagram

Usage

Usage is the same as The League's OAuth client, using \League\OAuth2\Client\Provider\Instagram as the provider.

Authorization Code Flow

$provider = new League\OAuth2\Client\Provider\Instagram([
 'clientId' => '{instagram-client-id}',
 'clientSecret' => '{instagram-client-secret}',
 'redirectUri' => 'https://example.com/callback-url',
 'host' => 'https://api.instagram.com', // Optional, defaults to https://api.instagram.com
 'graphHost' => 'https://graph.instagram.com' // Optional, defaults to https://graph.instagram.com
]);

if (!isset($_GET['code'])) {

 // If we don't have an authorization code then get one
 $authUrl = $provider->getAuthorizationUrl();
 $_SESSION['oauth2state'] = $provider->getState();
 header('Location: '.$authUrl);
 exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

 unset($_SESSION['oauth2state']);
 exit('Invalid state');

} else {

 // Try to get an access token (using the authorization code grant)
 $token = $provider->getAccessToken('authorization_code', [
 'code' => $_GET['code']
 ]);

 // Optional: Now you have a token you can look up a users profile data
 try {

 // We got an access token, let's now get the user's details
 $user = $provider->getResourceOwner($token);

 // Use these details to create a new profile
 printf('Hello %s!', $user->getNickname());

 } catch (Exception $e) {

 // Failed to get user details
 exit('Oh dear...');
 }

 // Use this to interact with an API on the users behalf
 echo $token->getToken();
}

Requesting a long-lived access-token

$token = $provider->getAccessToken('authorization_code', [
 'code' => $_GET['code']
]);
 
$longLivedToken = $provider->getLongLivedAccessToken($token);

Refreshing a long-lived access-token

$token = $provider->getAccessToken('authorization_code', [
 'code' => $_GET['code']
]);

// you need to fetch a long-lived token first! 
$longLivedToken = $provider->getLongLivedAccessToken($token);

$refreshedToken = $provider->getRefreshedAccessToken($longLivedToken);

Managing Scopes

When creating your Instagram authorization URL, you can specify the state and scopes your application may authorize.

$options = [
 'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE',
 'scope' => ['user_profile', 'user_media'] // array or string
];

$authorizationUrl = $provider->getAuthorizationUrl($options);

If neither are defined, the provider will utilize internal defaults.

At the time of authoring this documentation, the following scopes are available.

  • user_profile
  • user_media

Testing

$ ./vendor/bin/phpunit

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.