Instagram and Facebook oEmbed API to stop working, what about Onebox?

On the 24th of October the unauthenticated oEmbed API from Facebook and Instagram will stop working. They will require authentication to fetch oEmbed objects.

Are there any consequences for Onebox? I couldn’t find any changes in the GitHub repo regarding this yet.

5 Likes

A good point needs to be addressed. You have to provide API keys like for rendering Twitter embeds going forward.

The Facebook oEmbed endpoints require either an App Access Token (recommended) or Client Access Token.

1 Like

The new policies are now in effect. Instagram seems to be broken here and on self-hosted sites (updated to v2.6.0.beta4)

https://www.instagram.com/p/CGz4LkeAQlW/

Facebook links work however

1 Like

Yes @jamie.wilson is working on this.

3 Likes

If you’re running an up-to-date Discourse instance you should now be able to add a token that will allow oneboxes to be generated using the new API.

I’ve not yet written up step-by-step instructions on how to generate the token, but if you are comfortable in Facebook’s developer site you can go through the ‘Requirements’ listed here:

to generate a token. That token can then be entered as the value for the facebook_app_access_token SiteSetting.

8 Likes
  1. Add Product oEmbed to your app
  2. Under Settings - Advanced, find the Client Token
  3. And finally combine in a your App ID numbers and the token and ad a pipe | character in between: 12324323|asdasdasdasd ← That is what you need put to the Discourse setting.
6 Likes

Hi Jamie,

I’d love that step-by-step guide :slight_smile:

1 Like

How to obtain an App Token to allow Instagram Oneboxes

If you already have a Facebook App associated with your Discourse site, scroll down to Adding oEmbed to your Facebook App.

If you do not have a Facebook Developer account and Facebook App:

Go to https://developers.facebook.com/. You’ll be prompted to log in to your Facebook account if you aren’t currently logged in. You may be asked to ‘convert’ your Facebook account to a developer account if you haven’t done so previously. You may be asked to verify your account with Facebook by adding a phone number or by completing other steps. You’ll need to just follow the prompts and do what Facebook requires of you.

Once you have a Facebook Developer account, click on ‘My Apps’ from the Facebook Developer homescreen:

…and ‘Create App’:

Select an app type of ‘Something Else’ and ‘Continue’:

Enter an ‘App Display Name’ and an ‘App Contact Email’. Once you’ve read through their Terms and Polices, you can click ‘Create App’:

If you are a robot: nothing to see here. Beep bop boop. :robot:

If you are not a robot: click “I’m not a robot”, follow the prompts, and click ‘Submit’.

Congrats! You have a Facebook App!

Adding oEmbed to your Facebook App:

Scroll to the bottom of the list of Products, find ‘oEmbed’ and click ‘Set Up’:

If you agree with how you’re going to use the oEmbed product, click the checkbox, and then click ‘Confirm’:

The oEmbed product has been added. Click on ‘Settings’:

‘Display Name’ and ‘Contact Email’ should already be filled in. You’ll need to enter URLs for your ‘Privacy Policy’ and ‘Terms of Service’. Select a ‘Category’ from the list of available options. Click ‘Save Changes’ when you’re happy with everything:

Click the toggle at the top of the screen to change from ‘In development’ to ‘Live’ mode:

Click ‘Switch Mode’:

Having done all that, we can actually generate an App Token by following Facebook’s instructions on App Access Tokens. You’ll need the value of the ‘App ID’ field, and the value of the ‘App Secret’ field. To get the App Secret, click ‘Show’. You may be asked to reauthenticate yourself or similar, but you should end up with a long hexadecimal value that you can copy:

As per Facebook’s documentation, you need to send those values to Facebook to generate a token. Are you familiar with using curl? Great! They suggest the following (replacing {your-app-id} and {your-app-secret}) with the values you copied from the screen above.

curl -X GET "https://graph.facebook.com/oauth/access_token?client_id={your-app-id}&client_secret={your-app-secret}&grant_type=client_credentials"

Alternatively, copying just the URL (after replacing those two values) to your browser should also work:

https://graph.facebook.com/oauth/access_token?client_id={your-app-id}&client_secret={your-app-secret}&grant_type=client_credentials

Facebook will respond with a small chunk of JSON, that should look something like this example:

{"access_token":"1234567890654321|c3bd55c09fc5e561552ad7a8717","token_type":"bearer"}

Copy the value of your access_token, excluding the quote marks (i.e., in my example it would be 1234567890654321|c3bd55c09fc5e561552ad7a8717), and go to your Discourse site’s Settings. Find the site setting called facebook_app_access_token in the Onebox setting. Paste the ‘access_token’ value in to this field:

Click the :white_check_mark: …and you’re done!

Pasting a URL such as https://www.instagram.com/p/CIRhYzFM7Lu/ in to a post on your site should result in a lovely onebox, just like this one:

15 Likes

I’ve just configured for my site!
Love you guys :heart: :heart: :heart:

1 Like

Brilliant, thanks Jamie!

1 Like

Just to say that this method worked perfectly for us after a while without onebox on instagram.

But… it’s not a very straightforward thing to do, there should be an easier way to get the token. :stuck_out_tongue:

3 Likes

New oEmbed Read Feature and App Review Requirements

Today, June 8, 2021, we announced v11.0 of the Graph API and Marketing APIs. With this update, there are new requirements to be able to access oEmbed APIs . Some of your apps currently access the oEmbed APIs and might be affected by these changes.

To continue accessing the oEmbed APIs, you will have to submit your apps for review by September 6th, 2021 . If you want to request new access to the oEmbed APIs, you will also need to submit your app(s) for review.

To learn more, please review the updated requirements. If your apps haven’t been reviewed for the oEmbed API feature by September 6, 2021, your apps will lose access to this feature. To avoid disruption to your apps’ oEmbed access, please submit for App Review as soon as possible.

New rules from our Facebook overlords, I’ve just submitted both of my apps for review. I found a public post with an Instagram embed and linked directly to show how the integration works. Hopefully this is sufficient.

7 Likes

Please let us know their response to the review. This is coming up for everybody.

2 Likes

Is this something you can share here @znedw ?

What changes did you need to make before submitting for review?

I’m also wondering what to do in response to this email.

1 Like


womp womp, review failed.

here’s what i submitted

Your submission details

Is a Facebook reviewer able to access or login to your app to verify you’re using permissions or features according to Facebook Platform Policy?

Yes

Platform Settings

Desktop

Site URL:https://fixed.org.au/

No account needed

  1. Visit The 'what you've done to your bike today' thread - #10218 by jaseyjase - Post your ride - FOA
  2. The instagram post is embeded in the page. The site is running Discourse forum software (https://discourse.org/)

Oembed Read

Tell us how you’re using this permission or feature

Discourse (https://discourse.org/) can embed Instagram and Facebook posts in community posts, it keeps people on our website while richly embedding content

Oembed URL

The 'what you've done to your bike today' thread - #10218 by jaseyjase - Post your ride - FOA

@znedw I think platform settings is meant to be Website and not Desktop?

I just resubmitted (had some extra text in Oembed URL) and it’s been approved!!! :smiley: waiting for my second app to be…

3 Likes

I’m not sure what changed in the latest commit, but Instagram links no longer onebox:
https://www.instagram.com/p/CPtoYAMj526/

The text looks the same as in your initial review submit. Can you elaborate on what extra information you provided compared to the failed review?

In addition: Did you pass FB login data to the forum or not?

1 Like