My friend was quite confused about OAuth 2 today (facebook specifically) so I decided to write a couple of tricks for facebook and instagram authentication.
There are two types of authentification.
- With backend callback
- With frontend callback (facebook specific implementation)
On your redirect url you are getting
code GET argument and that code is what you use to get
Most modern applications today are modern and it is just not natural experience to have redirect and to reaload page.
A lot of people would like to use same style of authentification for Instagram as for facebook.
What facebook did is build one more layer on top of OAuth.
They developed backend that just returns token to your frontend application.
Before we implement the same thing for instagram, we need to get familiar with couple of concepts.
When you open popup window, you are getting window object back and now, you can reference it.
In window you opened you can reference parent using
In this case, you are sending
message which is data object to
window if target origin matches with origin of that window.
Transfer is optional object that will be removed from your scope and added to that message. It can also contain stuff that is not data.
What we now need is backend script that will grab token from code and send it to window that called it.
In window that needs to login, we are opening instagram login in popup and put link to that backend script in redirect.
Now, we need to wait for token response