Hey guys,
Small question: I’m trying to scrape a client’s Instagram Feed, but with the updated IG API, it now requires OAuth. I’ve worked with OAuth before, so I know the flow to follow, but I have no idea where I should store the client’s access token after she’s logged in with IG on the site.
I’ve had some ideas, but no clue how safe they’d be. So I’m turning to you guys to give me the ideal solution!
Any help?
You can set a variable in the config.php, so it’s available for you in the whole site:
// Setting
c::set('access_token', 1234);
// Getting the value
c::get('access_token');
I don’t know about safety, tho 
Problem with that is that my access token can expire, so the user would have to go through the process of requesting an access token. As I’d like to automate this workflow, I’d have to store the variable somewhere.
I was thinking about setting it as a site variable (using $site->update()), but not entirely sure how secure these variables are stored.
With $site->update(), the token is stored in plain text in the content/site.txt file. That isn’t optimal, but you need to store the token in plain text anyway, otherwise you won’t be able to get at it again from your code. If you make absolutely sure that your content files can’t be accessed via HTTP by accessing the file’s URL, it should be alright, but of course storing it in a PHP config file would be better.
I assume Kirby takes care of the securing of the content files already?
If not, please explain the PHP config way if you can
The content folder is protected by the .htaccess file, yes. If you don’t use the .htaccess file provided by Kirby, e.g. if you do your settings in the server configuration, or use a non-Apache server), you have to take care of that yourself.
Ok great, sounds good!
Thanks for the help!