Removing Instagram support

Instagram moved to the Graph API and restricted their API access a few years ago. As part of the restrictions, once approved, apps can only the user’s profile and content. Meta for Developers portal also states: Note that Basic Display is not an authentication tool. Data returned by the API cannot be used to authenticate your app users or log them into your app. If your app uses API data to authenticate users, it will be rejected during App Review. If you need an authentication solution, use Facebook Login instead. As part of the policy change for an app to get approved during the reviews, the app developer needs to develop a “quality” application using temporary tokens for test accounts. Prior attempts to obtain credentials from Instagram for the demo stack have also failed. The previously used dependencies such as passport-instagram are no longer maintained and have broken for a few years. Hackathon starter’s login integration and API demo page have been non-functional for a few years (and we haven’t had github issues or requests about them). Commercial providers such as Auth0 also no longer list login by Instagram as an offering. Hence removing the Instagram login and API examples from the project.
sahat · Jul 28, 2023 · 68dc919 · 68dc919
1 parent 3fbec29
commit 68dc919
Show file tree

Hide file tree

Showing 11 changed files with 488 additions and 670 deletions.
diff --git a/.env.example b/.env.example
@@ -31,9 +31,6 @@ SNAPCHAT_SECRET=DyswCZGyuZl5BBEA1yWlcjyAoONB-_qw8WNodhc4hr4
 FACEBOOK_ID=754220301289665
 FACEBOOK_SECRET=41860e58c256a3d7ad8267d3c1939a4a
 
-INSTAGRAM_ID=9f5c39ab236a48e0aec354acb77eee9b
-INSTAGRAM_SECRET=5920619aafe842128673e793a1c40028
-
 GITHUB_ID=cb448b1d4f0c743a1e36
 GITHUB_SECRET=815aa4606f476444691c5f1c16b9c70da6714dc6
 

diff --git a/app.js b/app.js
@@ -175,7 +175,6 @@ app.get('/api/tumblr', passportConfig.isAuthenticated, passportConfig.isAuthoriz
 app.get('/api/facebook', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.getFacebook);
 app.get('/api/github', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.getGithub);
 app.get('/api/twitch', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.getTwitch);
-app.get('/api/instagram', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.getInstagram);
 app.get('/api/paypal', apiController.getPayPal);
 app.get('/api/paypal/success', apiController.getPayPalSuccess);
 app.get('/api/paypal/cancel', apiController.getPayPalCancel);
@@ -194,10 +193,6 @@ app.get('/api/quickbooks', passportConfig.isAuthenticated, passportConfig.isAuth
 /**
  * OAuth authentication routes. (Sign in)
  */
-app.get('/auth/instagram', passport.authenticate('instagram', { scope: ['basic', 'public_content'] }));
-app.get('/auth/instagram/callback', passport.authenticate('instagram', { failureRedirect: '/login' }), (req, res) => {
-  res.redirect(req.session.returnTo || '/');
-});
 app.get('/auth/snapchat', passport.authenticate('snapchat'));
 app.get('/auth/snapchat/callback', passport.authenticate('snapchat', { failureRedirect: '/login' }), (req, res) => {
   res.redirect(req.session.returnTo || '/');

diff --git a/config/passport.js b/config/passport.js
@@ -1,7 +1,6 @@
 const passport = require('passport');
 const refresh = require('passport-oauth2-refresh');
 const axios = require('axios');
-const { Strategy: InstagramStrategy } = require('passport-instagram');
 const { Strategy: LocalStrategy } = require('passport-local');
 const { Strategy: FacebookStrategy } = require('passport-facebook');
 const { Strategy: SnapchatStrategy } = require('passport-snapchat');
@@ -100,7 +99,7 @@ passport.use(new SnapchatStrategy({
       return done(null, existingUser);
     }
     const user = new User();
-    // Similar to Twitter & Instagram APIs, assign a temporary e-mail address
+    // Assign a temporary e-mail address
     // to get on with the registration process. It can be changed later
     // to a valid e-mail address in Profile Management.
     user.email = `${profile.id}@snapchat.com`;
@@ -384,53 +383,6 @@ passport.use(new LinkedInStrategy({
   }
 }));
 
-/**
- * Sign in with Instagram.
- */
-passport.use(new InstagramStrategy({
-  clientID: process.env.INSTAGRAM_ID,
-  clientSecret: process.env.INSTAGRAM_SECRET,
-  callbackURL: '/auth/instagram/callback',
-  passReqToCallback: true
-}, async (req, accessToken, refreshToken, profile, done) => {
-  try {
-    if (req.user) {
-      const existingUser = await User.findOne({ instagram: profile.id });
-      if (existingUser) {
-        req.flash('errors', { msg: 'There is already an Instagram account that belongs to you. Sign in with that account or delete it, then link it with your current account.' });
-        return done(null, existingUser);
-      }
-      const user = await User.findById(req.user.id);
-      user.instagram = profile.id;
-      user.tokens.push({ kind: 'instagram', accessToken });
-      user.profile.name = user.profile.name || profile.displayName;
-      user.profile.picture = user.profile.picture || profile._json.data.profile_picture;
-      user.profile.website = user.profile.website || profile._json.data.website;
-      await user.save();
-      req.flash('info', { msg: 'Instagram account has been linked.' });
-      return done(null, user);
-    }
-    const existingUser = await User.findOne({ instagram: profile.id });
-    if (existingUser) {
-      return done(null, existingUser);
-    }
-    const user = new User();
-    user.instagram = profile.id;
-    user.tokens.push({ kind: 'instagram', accessToken });
-    user.profile.name = profile.displayName;
-    // Similar to Twitter API, assigns a temporary e-mail address
-    // to get on with the registration process. It can be changed later
-    // to a valid e-mail address in Profile Management.
-    user.email = `${profile.username}@instagram.com`;
-    user.profile.website = profile._json.data.website;
-    user.profile.picture = profile._json.data.profile_picture;
-    await user.save();
-    return done(null, user);
-  } catch (err) {
-    return done(err);
-  }
-}));
-
 /**
  * Twitch API OAuth.
  */

diff --git a/controllers/api.js b/controllers/api.js
@@ -1,12 +1,10 @@
-const { promisify } = require('util');
 const cheerio = require('cheerio');
 const { LastFmNode } = require('lastfm');
 const { Octokit } = require('@octokit/rest');
 const stripe = require('stripe')(process.env.STRIPE_SKEY);
 const twilio = require('twilio')(process.env.TWILIO_SID, process.env.TWILIO_TOKEN);
 const paypal = require('paypal-rest-sdk');
 const crypto = require('crypto');
-const ig = require('instagram-node').instagram();
 const axios = require('axios');
 const googledrive = require('@googleapis/drive');
 const googlesheets = require('@googleapis/sheets');
@@ -498,26 +496,6 @@ exports.getChart = async (req, res, next) => {
     });
 };
 
-/**
- * GET /api/instagram
- * Instagram API example.
- */
-exports.getInstagram = async (req, res, next) => {
-  const token = req.user.tokens.find((token) => token.kind === 'instagram');
-  ig.use({ client_id: process.env.INSTAGRAM_ID, client_secret: process.env.INSTAGRAM_SECRET });
-  ig.use({ access_token: token.accessToken });
-  try {
-    const userSelfMediaRecentAsync = promisify(ig.user_self_media_recent);
-    const myRecentMedia = await userSelfMediaRecentAsync();
-    res.render('api/instagram', {
-      title: 'Instagram API',
-      myRecentMedia
-    });
-  } catch (error) {
-    next(error);
-  }
-};
-
 /**
  * GET /api/paypal
  * PayPal SDK example.

diff --git a/models/User.js b/models/User.js
@@ -15,7 +15,6 @@ const userSchema = new mongoose.Schema({
   twitter: String,
   google: String,
   github: String,
-  instagram: String,
   linkedin: String,
   steam: String,
   twitch: String,