2

I have gone through the Instagram Authentication documentation and I could see that there is no direct way to authenticate other than taking the user to a URL specified by the Instagram.

This is what Instagram documentation says.

In order to receive an access_token, you must do the following:

  1. Direct the user to our authorization url. If the user is not logged in, they will be asked to log in. The user will be asked if they would like to grant your application access to her Instagram data.

    The server will redirect the user in one of two ways that you choose:

    • Server-side flow (recommended): Redirect the user to a URI of your choice. Take the provided code parameter and exchange it for an access_token by POSTing the code to our access_token url.

      Implicit flow: Instead of handling a code, we include the access_token as a fragment (#) in the URL. This method is less secure, but allows applications without any server component to receive an access_token.

See we should take user to a particular URL. Instagram uses OAuth 2.0. But the thing is that there is a Mac App named Flume, which does not take user to a URL. It simple lets the user enter their username and password, and Flume connects to Instagram API,and the user successfully gets logged in and able to see his media content.

I wonder how Flume doing this? Am I understanding the documentation incorrectly?

Please help. Thanks in advance.

2 Answers2

3

You're reading the documentation correctly.

Flume doesn't use the Instagram API, so it is not affected by its limitations. Instead, it will likely use web scraping by opening the Instagram website in an invisible browser instance, there entering the user data and commands on the behalf of the user, then scraping the results from the next invisible browser page etc.

There are different approaches on how to achieve this in OS X, a starting point could be Web scraping in Objective C. For a conceptual overview, you could have a look at RoboBrowser, which is a Python library but gives you an idea of how this works.

Community
  • 1
  • 1
Tim
  • 1,659
  • 1
  • 21
  • 33
1

Instead, it will likely use web scraping by opening the Instagram website in an invisible browser instance, there entering the user data and commands on the behalf of the user, then scraping the results from the next invisible browser page etc.

This is actually false. Flume has found a way to use Instagram's internal API to display content. Using a man-in-the middle proxy client such as Charles will show that the network requests that the Flume app makes are very similar to the network requests made by Instagram's different native Apps. Flume mimics Instagram's network requests in order to set HTTP headers/cookies/auth data to retrieve/post information.

I'm happy to post pictures/files to verify this for anyone that may wish for further proof of this.

Charlton Provatas
  • 2,184
  • 25
  • 18