Instagram Connection Deprecation

As of March 31, 2020, Facebook turned off the Instagram legacy APIs in favor of a new set of APIs:

  • Instagram Graph API designed for Instagram Professional Accounts, not for end-user authentication.

  • Instagram Basic Display API, an OAuth2 API, and enables you to grant access to your basic Instagram account data to a third-party app.

Facebook requires applications to implement Facebook Login for authentication. Facebook will not approve applications that use the Instagram Basic Display API for authentication.

Actions

To allow your existing users continue to access your application, you will need to ask users that are authenticating using Instagram to authenticate in a different way, and use Account Linking to link the new identity with the old one.

An example flow would be:

  • The user authenticates with Instagram.

  • The application tells the user that they won't be able to authenticate with Instagram anymore, and that they should do it in a different way.

  • The application lists the options the user has for authentication, for example:

    • Facebook

    • Username and Password

  • After the user authenticates in a different way, you link the accounts using Account Linking.

While we could replace our current implementation and use the Instagram Basic Display OAuth flow, this would not be accepted by Facebook's policies. You would need to create an Instagram application in Facebook and, in that app, there's a notification saying:

This means that even if Auth0 implemented this flow, your Instagram application would not be approved by Facebook.

If you need to access Instagram data, you will need to authenticate your user in another way (for example, using Facebook Login or username/password), and implement the Instagram OAuth flow in your application.