Instagram API: do scopes work with OAuth2 implicit authentication flow?

I just tried with implicit oauth flow with my client_id and scope=basic+likes and it worked. Replace the url below with your client_id and redirect_uri, and try.

https://instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT-URI&response_type=token&scope=basic+likes

May be Instagram is not allowing scope other than basic with new client accounts...


The answer here is that YES, scopes can be requested by implicit auth flow just fine. My problem was related to an OAuth component that I was using. The component was silently URL-encoding the value of the scope param, which was rejected by the Instagram auth endpoint. I updated the component (Xamarin.Auth) to accomodate a non-encoded scope param and issued a pull request.

Thanks to @krisak for providing a working URL that I could test.


So I had similar issues regarding the encoding of the + when trying to get permission for multiple scopes (basic, likes, comments). The solution I found was to use spaces between the individual scopes:

In the config/initializers/omniauth.rb file:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :instagram, 'TOKEN', 'SECRETKEY' , {:scope => "basic likes comments"}
end