OmniAuth Instagram Graph  Build Status Gem Version

Instagram OAuth2 Strategy for OmniAuth.

Supports OAuth 2.0 server-side flow with new Instagram Basic Display API and Long Live Tokens. Read the Instagram docs for more details:

Inspired by OmniAuth Strategy for Facebook.


Add to your Gemfile:

gem 'omniauth-instagram-graph'

Then bundle install.


OmniAuth::Strategies::InstagramGraph is simply a Rack middleware. Read the OmniAuth docs for detailed instructions:

Here’s a quick example, adding the middleware to a Rails app in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :instagram_graph, ENV['INSTAGRAM_APP_ID'], ENV['INSTAGRAM_APP_SECRET']


You can configure several options, which you pass in to the provider method via a Hash:

Option name Default Description
scope 'user_profile,user_media' A comma-separated list of permissions you want to request from the user.
info_fields 'account_type,id,media_count,username' A comma-separated list of fields should be returned when getting the user’s info (see more
callback_url   Specify a custom callback URL used during the server-side flow. Note this must be allowed by your app configuration on Facebook (see ‘Valid OAuth redirect URIs’ under the ‘Basic Display’ settings section in the configuration for your Facebook app for more details).
exchange_access_token_to_long_lived true Should access_token be exchanged to a Long-Lived token during callback phase of OmniAuth (see more about Long-Lived tokens here:

Auth Hash

Here’s an example Auth Hash available in request.env['omniauth.auth']:

  provider: 'instagram_graph',
  uid: '1234567',
  info: {
    name: 'igor_alexandrov',
    nickname 'igor_alexandrov'
  credentials: {
    token: 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
    expires_at: 1321747205, # when the access token expires (it always will)
    expires: true # this will always be true
  extra: {
    raw_info: {
      account_type: 'PERSONAL',
      id: '17841400519842852',
      media_count: 211,
      username: "igor_alexandrov"

Long-Lived Tokens

Long-Lived Tokens are valid for 60 days. To be able to use token after, you need to refresh it. Here is a sample code, that will help.

token = client.get_token(access_token: "<CURRENT LONG-LIVED TOKEN>")
refreshed = token.refresh!


gem bump --file=lib/omniauth/instagram-graph/version.rb --push --tag --release --pretend


The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the OmniAuth::Instagram::Graph project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.