SwiftyInsta: Instagram Ajax Login

Created on 14 May 2020  ·  27 Comments  ·  Source: TheM4hd1/SwiftyInsta

Did Instagram just nuke instagram.com/accounts/login/ajax, or is it just me?
I can't seem to make it work.
😱

Do you mind testing the basic auth process?
Cause unfortunately an alternative one would require way too many dependencies in Swift (as it uses both hashes and RSA).

@TheM4hd1 @bariscck


Edit: not working in Swiftagram either… 😱 did they really just get rid of it?

critical

All 27 comments

It worked for me; however, I couldn't get the challenge code from SMS, but it worked with email.

Swiftagram's BasicAuthenticator.handleSecond returns an invalid response; I didn't test SwiftyInsta.

I can't make it work on SwiftyInsta either 😢 @bariscck
I can't even make it work from Insomnia and Postman… 😱
I hope it's just some temporary issue at Instagram, which might explain it working for @TheM4hd1, being in different regions…

It seems temporary, because Instagram's web app is using this endpoint currently. It doesn't work for them either. Returns 400 Bad Request.

The web app works for me too; however, I remember about 4 months ago the same thing happened and was fixed after a few hours.

Yep, it did happen before but we used to get 400 back, which is reasonable.
Direct access gets 405 this time. Even with HEAD.
I'm scared they might just be migrating away from it.
Let's just cross our fingers 🤞

Hello, I am getting the same problem too. Is that solved for you?

Still unsolved, unfortunately @Emretelli7.
I feel like we need to accept the endpoint is just gone 😢

Hi, now Instagram uses "enc_password"; you can't use "password".
enc_password uses AES 256 GCM encryption

https://pastebin.com/raw/nYL2W2bG

@xmmti
I tried copying my enc_password from Burp Suite and posting it with my username, but it returned authenticated: false

So it means, I think, there is something more than this enc_password

Body Request
username=Your Username&enc_password=enc_password
It works for me...

Yep. It's way more than just that. I hint at that in my first note.
The new headless authentication method requires cryptography tools that are definitely not standard in Swift. Hashes are quite easy to come by (and they're already in SwiftyInsta through CryptoSwift) but I couldn't find a reliable RSA library in the past (def not for non current releases), and it would be (at least) one more dependency.

API login works fine for me... just ajax his enc_password

Please read my comment @xmmti.

We're all totally aware of a fix. We were before even writing the issue, and we know this was gonna happen sooner or later.
Thing is the fix is super easy for Node JS, or in Python, but definitely not in Swift cause there is no good library for cryptography and CryptoSwift, currently required by SwiftyInsta, or anything based out of CommonCrypto for that matter, is simply not extensive enough.


I'm gonna need to block comments for this thread, cause there's nothing left to add.
In case we decide to implement the alternative (granted we manage to find a valid cryptography library), we'll update the post.
If you wanna contribute, you are more than welcome to send a PR.

@sbertix
Hello, I am here for my Python project because I was getting the same problem.
If you want to use it on your mobile app you can run a server which is running a Python script to connect with your mobile app.

This is not an issue for me @Emretelli7, but thanks. 😊
I already have my authentication routed through a node app.
This is about providing basic authentication directly in SwiftyInsta.

Basic login seems to be working now, I checked two different accounts with and without 2FA.

We'll try to use swift-sodium for AES-GCM-256.
And SwiftyRSA for the RSA part.

Be careful in adding too many dependencies @MatoMA and keep in mind SwiftyRSA does not work on macOS, while swift-sodium is iOS and macOS (no Catalyst, no watchOS, no tvOS, no Linux) only, meaning the feature, and the whole library if it's not packaged in another target, would work on iOS alone, where you can already use web view based authentication without any fuss...
I tried implementing it in SwCrypt (without completing it due to lack of time) and it showed some potential (although it's still restricted to OpenCrypto-enabled systems).
We can totally compare implementations once we're done, though.

Thank you very much for your reply.
We found about 1/4 users failing to log in with the webview authentication. And it is difficult for us to figure out the issue. This is why we want to make it work for the Android(Device) API.
And it is known that webview authentication is not working if the users enable 2FA with Auth App (not text message).
If the above libraries are not working, we still have openssl - the last path we'll try...

Web based login not working is just an issue with the current implementation, and it's definitely easier to fix.
I made it work for Swiftagram, I'll just import the same class in SwiftyInsta if the success rate is that bad.
Either way, having basic authentication back up and working properly is still a priority right now, don't worry 😊

So what do you feel it's the best way to move forward regarding compatibility, @TheM4hd1?
I've reimplemented BasicAuthenticator in Swiftagram, so we could totally translate it for SwiftyInsta, but we need to settle on that first (e.g. dropping support for Linux in order for it to work, minimum OS versions, dependency managers, etc).

@sbertix is it still disabled for you? It seems it works again for me now.

I tried it last week and it still did not work.
Apparently it does not affect all accounts but they're migrating it heavily (based on renewed interest on enc_password at instagram-private-api).
It should be addressed in SwiftyInsta too imho.

As implementation is not an issue per se, and we can totally port Swiftagram, it's only about settling on dependencies, etc.

What about using OpenSSL? Instagram itself uses OpenSSL, I guess. This way we can keep the minimum compatibility version and Linux compatibility too.

I genuinely hate relying on OpenSSL (directly at least) in Swift (like most people hahaha).
This is definitely "the solution", but I'm not sure implementing it's worth the hassle... @TheM4hd1
By all means, if you wanna do it, great, otherwise I still feel like going with something "higher level" should be good enough.

I tried implementing OpenSSL. It works fine on an individual project, but I wasn't able to add it as a dependency, cause it required lots of work and increases the size of the library.
If it was my individual project, I'd rather use it for supporting the minimum iOS version, but it doesn't seem worth doing for a library.
So I agree with porting Swiftagram, this is the best solution for now.
