将查询参数添加到Instagram auth redirect_uri不起作用？

Question

重现步骤

1. Register a redirect_uri in the client: http://example.com/publisher/auth
2. Direct a user to the /oauth/authorize endpoint with the redirect_uri including a query parameter:

   https://api.instagram.com/oauth/authorize/?client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01&response_type=code&scope=basic&type=web_server

   For reference, those query parameters are:

   client_id=xxx
   redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01
   response_type=code
   scope=basic
   type=web_server
   

3. Authenticate an instagram user and allow the app.
4. The user is redirected back to the correct redirect_uri.
5. Use the code query parameter from the redirected URI to post to Instagram's /oauth/access_token endpoint.

Expected behavior

The endpoint responds with 200 and an access token.

ACTUAL behavior

The endpoint responds with:

code=400
error_type = 'OAuthException'
error_message = 'Redirect URI doesn't match original redirect URI'

What I've Investigated So Far

To confirm that this is a problem with Instagram, I checked the API docs which very clearly state that adding query parameters to the redirect URI should be possible. I also tried varying only that query parameter. For example, when replaced with this /oauth/authorize URL I get the expected behavior:

https://api.instagram.com/oauth/authorize/?type=web_server&client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth&response_type=code&scope=basic

For reference, those query parameters are:

client_id=xxx
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth
response_type=code
scope=basic
type=web_server

Notes

This question is actually a duplicate of another question which actually didn't really turn out to be a question, and which never got any answers.

I have submitted a bug with Instagram, but I wanted to see if anyone had found this or come up with a workaround.

Answer 1

今天有同样的问题。要获取在请求之间传递的自定义数据，您必须将其作为state参数包含在内。我的授权请求网址如下所示：

https://www.instagram.com/oauth/authorize?client_id=SOME_CLIENT_ID&response_type=code&redirect_uri=http://example.com/auth/InstagramRedirect/ &state=855C0114-F860-420A-AEB1-A276644FCCEA

注意&和state =...

Answer 2

回答这个问题可能已经太晚了。但我今天遇到了同样的问题，并且这个问题已经发布，将参数传递到身份验证 URL 的解决方案如下。

看来你的额外参数是type=web_server，考虑到这一点，你获取代码的 URL 应该如下

https://www.instagram.com/oauth/authorize/?client_id=be1b911b487f4919b9c2fb7df0c4142c&redirect_uri=https://wpwifidemo.alepo.net/instagram/joinus/？类型=web_server &response_type=代码&范围=基本

然后，在调用 accessToken API 时，将您的redirect_uri参数附加到您传递的参数（与应用程序中配置的参数不同）。例如

redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01？类型=网络服务器