Facebook / Instagram User Access Token Generator

instagram-token-generator.php

<?php
/**
 * Facebook / Instagram User Access Token Generator
 *
 * Documentation: https://developers.facebook.com/docs/instagram-basic-display-api
 *
 * With this code snippet not error like:
 *
 *    {
 *      "error_type": "OAuthException",
 *      "code": 400,
 *      "error_message": "Matching code was not found or was already used"
 *    }
 *
 * Usage: put this file in your server and access it, then fill requested fields.
 *
 * @author      Mehdi Chaouch <[email protected]> <@mehdichch>
 * @copyright   Copyright (c) 2019 ADVOCODO (https://www.advocodo.com)
 * @license     http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
 */
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();

$current_page = explode('?', $_SERVER['REQUEST_URI'], 2)[0];//$_SERVER['REQUEST_URI'];
$page = <<<HTML
<h1><a href="$current_page">Facebook / Instagram User Access Token Generator</a></h1>
<p>Documentation: <a target="_blank" href="https://developers.facebook.com/docs/instagram-basic-display-api">developers.facebook.com/docs/instagram-basic-display-api</a>
<form action="" method="POST">
    <p><label for="app_id (instagram)">app_id:</label><input type="text" name="app_id" id="app_id" autocomplete="off" style="width: 250px;"></p>
    <p><label for="app_secret (instagram)">app_secret:</label><input type="text" name="app_secret" id="app_secret" autocomplete="off" style="width: 250px;"></p>
    <p><label for="redirect_uri">redirect_uri:</label><input type="text" name="redirect_uri" id="redirect_uri" autocomplete="off" style="width: 250px;"></p>
    <p><button type="submit" name="button" formmethod="post">Submit</button><p/>
</form>
HTML;
echo $page;

if (filter_has_var(INPUT_POST, 'app_id') && filter_has_var(INPUT_POST, 'app_secret')&& filter_has_var(INPUT_POST, 'redirect_uri')) {
    $app_id = filter_input(INPUT_POST, 'app_id');
    $app_secret = filter_input(INPUT_POST, 'app_secret');
    $redirect_uri = filter_input(INPUT_POST, 'redirect_uri');
    if (filter_var($app_id, FILTER_VALIDATE_INT) && filter_var($redirect_uri, FILTER_VALIDATE_URL)) {
        $redirect_uri_encoded = filter_var($redirect_uri, FILTER_SANITIZE_ENCODED);
        $authorize_url = "https://api.instagram.com/oauth/authorize?app_id=$app_id&redirect_uri=$redirect_uri_encoded&scope=user_profile,user_media&response_type=code";
        echo "uri to generate code: $authorize_url";
        $_SESSION['app_id'] = $app_id;
        $_SESSION['app_secret'] = $app_secret;
        $_SESSION['redirect_uri'] = $redirect_uri;
        header("Location: $authorize_url");
    } else {
        echo 'app_id has to be a number, app_secret a string and redirect_uri a valid uri, check documentation.';
    }
}

if (filter_has_var(INPUT_GET, 'code')) {
    $uri = 'https://api.instagram.com/oauth/access_token';
    $data = [
        'app_id' => $_SESSION['app_id'],
        'app_secret' => $_SESSION['app_secret'],
        'grant_type' => 'authorization_code',
        'redirect_uri' => $_SESSION['redirect_uri'],
        'code' => filter_input(INPUT_GET, 'code'),
    ];

    echo '<pre>';
    print_r($data);
    echo '</pre>';

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $uri); // URI
    curl_setopt($ch, CURLOPT_POST, true); // POST
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data); // POST DATA
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // RETURN RESULT true
    curl_setopt($ch, CURLOPT_HEADER, 0); // RETURN HEADER false
    curl_setopt($ch, CURLOPT_NOBODY, 0); // NO RETURN BODY FALSE / WE NEED THE BODY TO RETURN
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // VERIFY SSL HOST false
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // VERIFY SSL PEER false
    $result = json_decode(curl_exec($ch), true); // EXECUTE CURL
    echo '<pre>';
    print_r($result);
    echo '</pre>';

    echo '<h2>Enjoy 💁👌🎍😍</h2>';

   session_destroy();
}