feat: instagram oauth provider

models/settings/settings.go

@@ -60,6 +60,7 @@ type Settings struct {
 	OIDC2Auth     AuthProviderConfig `form:"oidc2Auth" json:"oidc2Auth"`
 	OIDC3Auth     AuthProviderConfig `form:"oidc3Auth" json:"oidc3Auth"`
 	AppleAuth     AuthProviderConfig `form:"appleAuth" json:"appleAuth"`
+	InstagramAuth AuthProviderConfig `form:"instagramAuth" json:"instagramAuth"`
 }
 
 // New creates and returns a new default Settings instance.
@@ -175,6 +176,9 @@ func New() *Settings {
 		AppleAuth: AuthProviderConfig{
 			Enabled: false,
 		},
+		InstagramAuth: AuthProviderConfig{
+			Enabled: false,
+		},
 	}
 }
 
@@ -215,6 +219,7 @@ func (s *Settings) Validate() error {
 		validation.Field(&s.OIDC2Auth),
 		validation.Field(&s.OIDC3Auth),
 		validation.Field(&s.AppleAuth),
+		validation.Field(&s.InstagramAuth),
 	)
 }
 
@@ -278,6 +283,7 @@ func (s *Settings) RedactClone() (*Settings, error) {
 		&clone.OIDC2Auth.ClientSecret,
 		&clone.OIDC3Auth.ClientSecret,
 		&clone.AppleAuth.ClientSecret,
+		&clone.InstagramAuth.ClientSecret,
 	}
 
 	// mask all sensitive fields
@@ -315,6 +321,7 @@ func (s *Settings) NamedAuthProviderConfigs() map[string]AuthProviderConfig {
 		auth.NameOIDC + "2": s.OIDC2Auth,
 		auth.NameOIDC + "3": s.OIDC3Auth,
 		auth.NameApple:      s.AppleAuth,
+		auth.NameInstagram:  s.InstagramAuth,
 	}
 }
 

tools/auth/auth.go

@@ -129,6 +129,8 @@ func NewProviderByName(name string) (Provider, error) {
 		return NewOIDCProvider(), nil
 	case NameApple:
 		return NewAppleProvider(), nil
+	case NameInstagram:
+		return NewInstagramProvider(), nil
 	default:
 		return nil, errors.New("Missing provider " + name)
 	}

tools/auth/auth_test.go

@@ -180,4 +180,13 @@ func TestNewProviderByName(t *testing.T) {
 	if _, ok := p.(*auth.Apple); !ok {
 		t.Error("Expected to be instance of *auth.Apple")
 	}
+
+	// instagram
+	p, err = auth.NewProviderByName(auth.NameInstagram)
+	if err != nil {
+		t.Errorf("Expected nil, got error %v", err)
+	}
+	if _, ok := p.(*auth.Instagram); !ok {
+		t.Error("Expected to be instance of *auth.Instagram")
+	}
 }

tools/auth/instagram.go

@@ -0,0 +1,64 @@
+package auth
+
+import (
+	"context"
+	"encoding/json"
+
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/instagram"
+)
+
+var _ Provider = (*Instagram)(nil)
+
+// NameInstagram is the unique name of the Instagram provider.
+const NameInstagram string = "instagram"
+
+// Instagram allows authentication via Instagram OAuth2.
+type Instagram struct {
+	*baseProvider
+}
+
+// NewInstagramProvider creates new Instagram provider instance with some defaults.
+func NewInstagramProvider() *Instagram {
+	return &Instagram{&baseProvider{
+		ctx:        context.Background(),
+		scopes:     []string{"user_profile"},
+		authUrl:    instagram.Endpoint.AuthURL,
+		tokenUrl:   instagram.Endpoint.TokenURL,
+		userApiUrl: "https://graph.instagram.com/me?fields=id,username,account_type",
+	}}
+}
+
+// FetchAuthUser returns an AuthUser instance based on the Instagram's user api.
+//
+// API reference: https://developers.facebook.com/docs/instagram-basic-display-api/reference/user#fields
+func (p *Instagram) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
+	data, err := p.FetchRawUserData(token)
+	if err != nil {
+		return nil, err
+	}
+
+	rawUser := map[string]any{}
+	if err := json.Unmarshal(data, &rawUser); err != nil {
+		return nil, err
+	}
+
+	extracted := struct {
+		Id          string `json:"id"`
+		Username    string `json:"username"`
+		AccountType string `json:"account_type"`
+	}{}
+	if err := json.Unmarshal(data, &extracted); err != nil {
+		return nil, err
+	}
+
+	user := &AuthUser{
+		Id:           extracted.Id,
+		Username:     extracted.Username,
+		RawUser:      rawUser,
+		AccessToken:  token.AccessToken,
+		RefreshToken: token.RefreshToken,
+	}
+
+	return user, nil
+}

ui/src/providers.js

@@ -111,4 +111,9 @@ export default [
         logo:  "oidc.svg",
         optionsComponent: OIDCOptions,
     },
+    {
+        key:   "instagramAuth",
+        title: "Instagram",
+        logo:  "instagram.svg",
+    },
 ];