Instagram and Facebook oEmbed API to stop working, what about Onebox?

On the 24th of October the unauthenticated oEmbed API from Facebook and Instagram will stop working. They will require authentication to fetch oEmbed objects.

Are there any consequences for Onebox? I couldn’t find any changes in the GitHub repo regarding this yet.

5 Likes

A good point needs to be addressed. You have to provide API keys like for rendering Twitter embeds going forward.

The Facebook oEmbed endpoints require either an App Access Token (recommended) or Client Access Token.

1 Like

The new policies are now in effect. Instagram seems to be broken here and on self-hosted sites (updated to v2.6.0.beta4)

https://www.instagram.com/p/CGz4LkeAQlW/

Facebook links work however

1 Like

Yes @jamie.wilson is working on this.

3 Likes

If you’re running an up-to-date Discourse instance you should now be able to add a token that will allow oneboxes to be generated using the new API.

I’ve not yet written up step-by-step instructions on how to generate the token, but if you are comfortable in Facebook’s developer site you can go through the ‘Requirements’ listed here:

to generate a token. That token can then be entered as the value for the facebook_app_access_token SiteSetting.

7 Likes

  1. Add Product oEmbed to your app
  2. Under Settings - Advanced, find the Client Token
  3. And finally combine your App ID number and the token and add a pipe | character in between: 12324323|asdasdasdasd ← That is what you need to put into the Discourse setting.

6 Likes

Hi Jamie,

I’d love that step-by-step guide :slight_smile:

1 Like

How to obtain an App Token to allow Instagram Oneboxes

If you already have a Facebook App associated with your Discourse site, scroll down to Adding oEmbed to your Facebook App.

If you do not have a Facebook Developer account and Facebook App:

Go to https://developers.facebook.com/. You’ll be prompted to log in to your Facebook account if you aren’t currently logged in. You may be asked to ‘convert’ your Facebook account to a developer account if you haven’t done so previously. You may be asked to verify your account with Facebook by adding a phone number or by completing other steps. You’ll need to just follow the prompts and do what Facebook requires of you.

Once you have a Facebook Developer account, click on ‘My Apps’ from the Facebook Developer homescreen:

…and ‘Create App’:

Select an app type of ‘Something Else’ and ‘Continue’:

Enter an ‘App Display Name’ and an ‘App Contact Email’. Once you’ve read through their Terms and Policies, you can click ‘Create App’:

If you are a robot: nothing to see here. Beep bop boop. :robot:

If you are not a robot: click “I’m not a robot”, follow the prompts, and click ‘Submit’.

Congrats! You have a Facebook App!

Adding oEmbed to your Facebook App:

Scroll to the bottom of the list of Products, find ‘oEmbed’ and click ‘Set Up’:

If you agree with how you’re going to use the oEmbed product, click the checkbox, and then click ‘Confirm’:

The oEmbed product has been added. Click on ‘Settings’:

‘Display Name’ and ‘Contact Email’ should already be filled in. You’ll need to enter URLs for your ‘Privacy Policy’ and ‘Terms of Service’. Select a ‘Category’ from the list of available options. Click ‘Save Changes’ when you’re happy with everything:

Click the toggle at the top of the screen to change from ‘In development’ to ‘Live’ mode:

Click ‘Switch Mode’:

Having done all that, we can actually generate an App Token by following Facebook’s instructions on App Access Tokens. You’ll need the value of the ‘App ID’ field, and the value of the ‘App Secret’ field. To get the App Secret, click ‘Show’. You may be asked to reauthenticate yourself or similar, but you should end up with a long hexadecimal value that you can copy:

As per Facebook’s documentation, you need to send those values to Facebook to generate a token. Are you familiar with using curl? Great! They suggest the following (replacing {your-app-id} and {your-app-secret} with the values you copied from the screen above):

curl -X GET "https://graph.facebook.com/oauth/access_token?client_id={your-app-id}&client_secret={your-app-secret}&grant_type=client_credentials"

Alternatively, copying just the URL (after replacing those two values) to your browser should also work:

https://graph.facebook.com/oauth/access_token?client_id={your-app-id}&client_secret={your-app-secret}&grant_type=client_credentials

Facebook will respond with a small chunk of JSON, that should look something like this example:

{"access_token":"1234567890654321|c3bd55c09fc5e561552ad7a8717","token_type":"bearer"}

Copy the value of your access_token, excluding the quote marks (i.e., in my example it would be 1234567890654321|c3bd55c09fc5e561552ad7a8717), and go to your Discourse site’s Settings. Find the site setting called facebook_app_access_token in the Onebox setting. Paste the ‘access_token’ value in to this field:

Click the :white_check_mark: …and you’re done!

Pasting a URL such as https://www.instagram.com/p/CIRhYzFM7Lu/ in to a post on your site should result in a lovely onebox, just like this one:

14 Likes
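The token request from the guide above, as an added example that is not part of the original post or of Discourse's code: it passes the App Secret to curl on stdin so it stays out of the command line, shell history and browser history, then checks that the returned value has the `app-id|token` shape before it is pasted into facebook_app_access_token. The function names and the FB_APP_SECRET variable are assumptions; the sample JSON is the one shown in the guide.

```shell
#!/bin/sh
# Added example. Function names and FB_APP_SECRET are hypothetical.

# Request an App Access Token. The secret is a shell variable fed to curl
# as a config line on stdin (-K -); printf is a shell builtin, so the
# secret never appears in any process's argument list.
fetch_app_token() {
  app_id=$1
  : "${FB_APP_SECRET:?set FB_APP_SECRET first}"
  printf 'data-urlencode = "client_secret=%s"\n' "$FB_APP_SECRET" |
    curl -sS --fail -G -K - \
      --data-urlencode "client_id=$app_id" \
      --data-urlencode "grant_type=client_credentials" \
      "https://graph.facebook.com/oauth/access_token"
}

# Pull the access_token value out of the JSON body (empty on an error body).
extract_access_token() {
  printf '%s' "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Accept only "<digits>|<non-empty token>" whose app-id half is the app we
# meant to use; reject values pasted with quote marks or spaces.
check_token_shape() {
  token=$1
  expected_app_id=$2
  case $token in
    *\"*|*' '*) return 1 ;;
    *'|'*) ;;
    *) return 1 ;;
  esac
  id=${token%%|*}
  rest=${token#*|}
  [ -n "$rest" ] || return 1
  case $id in ''|*[!0-9]*) return 1 ;; esac
  [ "$id" = "$expected_app_id" ]
}

# Offline run on the sample response from the guide.
sample='{"access_token":"1234567890654321|c3bd55c09fc5e561552ad7a8717","token_type":"bearer"}'
tok=$(extract_access_token "$sample")
check_token_shape "$tok" 1234567890654321 && echo "token shape OK"

# Live use (needs network):
#   tok=$(extract_access_token "$(fetch_app_token 1234567890654321)")
```
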

I’ve just configured for my site!
Love you guys :heart: :heart: :heart:

1 Like

Brilliant, thanks Jamie!

1 Like

Just to say that this method worked perfectly for us after a while without onebox on instagram.

But… it’s not a very straightforward thing to do, there should be an easier way to get the token. :stuck_out_tongue:

2 Likes