iOS 请求 Instagram Basic Api 失败，响应状态代码：403

Question

我已经检查了请求正文的数据。这些数据在Android或Postman中运行都是成功的，并且每次都会使用新的代码来询问access_token。但响应状态码总是403让我很困惑。不过我只是第一次开发iOS项目。我认为我的 iOS 代码中可能存在某个错误。\n这是代码请求 instagram 基本显示 access_token API

\n

func getShortAccessTokenInfo(requestBody: ShortAccessTokenRequestBody,completionHandler: @escaping (ShortAccessTokenResponse) -> Void) {\n    \n    let url = URL(string: "https://api.instagram.com/oauth/access_token")!\n    \n    var request = URLRequest(url: url)\n    request.httpMethod = "POST"\n    request.addValue("application/json", forHTTPHeaderField: "Content-Type")\n    \n    let encoder = JSONEncoder()\n    encoder.keyEncodingStrategy = .convertToSnakeCase\n    guard let httpBody = try? encoder.encode(requestBody) else {\n        print("Invalid httpBody")\n        return\n    }\n    \n    request.httpBody = httpBody\n    print("httpBody \\(httpBody) ")\n    \n    URLSession.shared.dataTask(with: request) {\n        data, response, error in\n        if let data = data {\n            let decoder = JSONDecoder()\n            decoder.keyDecodingStrategy = .convertFromSnakeCase\n            do {\n                let response = try decoder.decode(ShortAccessTokenResponse.self, from: data)\n                completionHandler(response)\n            } catch {\n                let httpResponse = response as! HTTPURLResponse\n                print("\\nhttpResponse.statusCode = \\(httpResponse.statusCode)\\n")\n                print("\\nhttpResponse.allHeaderFields = \\(httpResponse.allHeaderFields)\\n")\n                print("\\nhttpResponse.description = \\(httpResponse.description)\\n")\n\n                \n                let outputStr  = String(data: data, encoding: String.Encoding.utf8)! as String\n                print("data = \\(outputStr)")\n            }\n                        \n        } else {\n            print("No Data")\n        }\n    }.resume()\n}\n

\n

数据模型在这里

\n

func getShortAccessTokenInfo(requestBody: ShortAccessTokenRequestBody,completionHandler: @escaping (ShortAccessTokenResponse) -> Void) {\n    \n    let url = URL(string: "https://api.instagram.com/oauth/access_token")!\n    \n    var request = URLRequest(url: url)\n    request.httpMethod = "POST"\n    request.addValue("application/json", forHTTPHeaderField: "Content-Type")\n    \n    let encoder = JSONEncoder()\n    encoder.keyEncodingStrategy = .convertToSnakeCase\n    guard let httpBody = try? encoder.encode(requestBody) else {\n        print("Invalid httpBody")\n        return\n    }\n    \n    request.httpBody = httpBody\n    print("httpBody \\(httpBody) ")\n    \n    URLSession.shared.dataTask(with: request) {\n        data, response, error in\n        if let data = data {\n            let decoder = JSONDecoder()\n            decoder.keyDecodingStrategy = .convertFromSnakeCase\n            do {\n                let response = try decoder.decode(ShortAccessTokenResponse.self, from: data)\n                completionHandler(response)\n            } catch {\n                let httpResponse = response as! HTTPURLResponse\n                print("\\nhttpResponse.statusCode = \\(httpResponse.statusCode)\\n")\n                print("\\nhttpResponse.allHeaderFields = \\(httpResponse.allHeaderFields)\\n")\n                print("\\nhttpResponse.description = \\(httpResponse.description)\\n")\n\n                \n                let outputStr  = String(data: data, encoding: String.Encoding.utf8)! as String\n                print("data = \\(outputStr)")\n            }\n                        \n        } else {\n            print("No Data")\n        }\n    }.resume()\n}\n

\n

这是日志：

\n

状态码：

\n

\n

httpResponse.statusCode = 403

\n

\n

所有标题字段：

\n

\n

httpResponse.allHeaderFields = [AnyHashable("原始试验"): AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3 JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0=, AnyHashable("跨源" -opener-policy"): 同源允许弹出窗口;report-to="coop", AnyHashable( “缓存控制”）：私有，无缓存，无存储，必须重新验证，AnyHashable（“report-to”）：{“group”：“coep”，“max_age”：86400，“endpoints”：[ {“url”：“/security/coep_report/”}]}，{“group”：“coop”，“max_age”：86400，“endpoints”：[{“url”：“/security/coop_report/”}] AnyHashable("content-security-policy"): 报告 uri https://www.instagram.com/security/csp_report/; default-src \'self\' https://www.instagram.com; img-src 数据： blob： https:// .fbcdn.net https:// .instagram.com https:// .cdninstagram.com https:// .facebook.com https:// .fbsbx.com https:// .fbsbx.com https:// /.giphy.com；字体源数据：https: //.fbcdn.net https: //.instagram.com https: //.cdninstagram.com；media-src \'self\' blob：https://www.instagram.com https:// .cdninstagram.com https:// .fbcdn.net；manifest-src \'self\' https://www.instagram.com; script-src \'self\' https://instagram.com https://www.instagram.com https:// .www.instagram.com https:// .cdninstagram.com wss://www.instagram. com https:// .facebook.com https:// .fbcdn.net https:// .facebook.net \'unsafe-inline\' \'unsafe-eval\' blob:; style-src \'self\' https:// .www.instagram.com https://www.instagram.com \'unsafe-inline\'; connect-src \'self\' https://instagram.com https://www.instagram.com https:// .www.instagram.com https://graph.instagram.com https:// .graph. instagram.com https://graphql.instagram.com https:// .cdninstagram.com https://api.instagram.com https://i.instagram.com https:// .i.instagram.com wss： //www.instagram.com wss://edge-chat.instagram.com https:// .facebook.com https:// .fbcdn.net https://.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; 工人-src“自我”blob：https://www.instagram.com；frame-src \'self\' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com com https://web.facebook.com https://connect.facebook.net https://m.facebook.com；对象-src \'无\'; 升级不安全请求，AnyHashable（“内容长度”）：20676，AnyHashable（“x-frame-options”）：SAMEORIGIN，AnyHashable（“Pragma”）：无缓存，AnyHashable（“跨源嵌入器-仅策略报告"): require-corp;report-to="coep", AnyHashable("严格传输安全"): max-age=31536000, AnyHashable("x-content-type-options"): nosniff，AnyHashable（“内容语言”）：zh-tw，AnyHashable（“x-xss-保护”）：0，AnyHashable（“代理状态”）：http_request_error；e_clientaddr =“AcKYiNAO8yhMSZJyyEYudvZGWQzL-XB3-zoUHCoHbF8NHNnIr-i2ovQf3F3cMLaZ6NllIZz2Qo5Bgx6eJHw”; e_fb_binaryversion="AcLdEktTbz5wJ21gYaJEitTnDh51fwKoh1TWEJBnCTDeDsuWyGfrhaGoKLWBuytlTD_jNpYGEqTKkjuZHHl7upVezSs6uJlj8ok"; e_upip="AcJJDJlMUJsyHsIAGFauA9kxrXY2wohcrnfn50hqCMIY2ykTyJKp6Yzgq3HMhBdEfDpJdFdON7xvDmFgevxPXHhO4y4f7PITGNIpgvs"; e_proxy="AcJPFaA_DemVAz4l_ZIcLlO6dqLEWUrH1S3qyfM0Psu4Qqzm3d7g1IZeYuFfciVB_2EGkehYmN4GEjA"; e_fb_builduser="AcISyC6CAEhH54reK-ewAmKXLcNC8aeHIx4_8Dz6aY83oAk05yOr1kaVHEqYAN-Jcck"; e_fb_vipaddr =“AcInfxChauRQiPpxzGfxHV2lNUNaz0TDhZFUIoS85agFhatn6NyYkeG6swkbzrGDNCmkyZk”，http_request_error；e_clientaddr="AcIY794j6DB_pmP2rk4VsK1zivmZkN9gKrGfvjHfleRJNRB91E-eM7XwFHBZCUBY8zxtV5TVCl3bZAUl0ZOyUSNYP7HHQgvSuXGPRxosSOaG"; e_fb_binaryversion="AcITNqtpSK2R5tDP_gcliynnda3OUKCZgzK-Xsb-r4KXoTzmkEkQmC9Nir7f8yfGz50vSf-gAKhLabX9TQoI0dDOI6LlWW4BHAI"; e_upip="AcKdip7JMVCIyHNm4r3n_lc1FxZ8WRKNQWBDBUwsupTD4rNfKXV4LFfbOLVbapi7jcyqgp1OMZev9Mrb-zxwQ2fryGpF7P3D-Q"; e_proxy="AcI1jEPhkHHVfIX0U-99CwCpJd9bHFInKVHw9EqNNgHvgWSlCPPyPZ-hKEHGtNUxph6CrXt8H8drm0RL3DAn"; e_fb_builduser="AcKOj-xkkvFvzA7RHW34q4gu4tq7NuVcT_WRvsQwxdJFoGmDmQGrefnKdcJ7Hpb4KEo"; e_fb_vipaddr="AcKa3V32l88jLiYn7E5uzcjwzVyAsdvUFKuu1lo_qhJx5qKrGr1ffkqtyIr9Pxh8QrmPf1EHN5vZItcLz3j9_s-6lutm2G-44iYcaiE", AnyHashable("内容类型"): text/html; charset = utf-8，AnyHashable（“x-ig-push-state”）：c2，AnyHashable（“Set-Cookie”）：rur =“FTW\\0541700458427\\0541660136279：01f7f1716e996e603ddf484bdfbc12a6fad1ff6f56053129280eb5 4ca5906d3e6cf24459”；域名=.instagram.com；仅 Http；路径=/；安全，AnyHashable（“access-control-expose-headers”）：X-IG-Set-WWW-Claim，AnyHashable（“x-aed”）：46，AnyHashable（“Vary”）：接受语言，Cookie，AnyHashable （“x-fb-trip-id”）：19638678，AnyHashable（“过期”）：2000 年 1 月 1 日星期六 00:00:00 GMT，AnyHashable（“Alt-Svc”）：h3-29=":443"; ma=3600,h3-27=":443"; ma=3600，AnyHashable（“x-ig-origin-region”）：ftw，AnyHashable（“日期”）：2021 年 8 月 10 日星期二 12:57:59 GMT]

\n

\n

描述：

\n

<NSHTTPURLResponse: 0x280a5a6e0> { URL: https://api.instagram.com/oauth/access_token } { Status Code: 403, Headers {\n"Alt-Svc" =     (\n    "h3-29=\\":443\\"; ma=3600,h3-27=\\":443\\"; ma=3600"\n);\n"Cache-Control" =     (\n    "private, no-cache, no-store, must-revalidate"\n);\n"Content-Language" =     (\n    "zh-tw"\n);\n"Content-Length" =     (\n    20676\n);\n"Content-Type" =     (\n    "text/html; charset=utf-8"\n);\nDate =     (\n    "Tue, 10 Aug 2021 12:57:59 GMT"\n);\nExpires =     (\n    "Sat, 01 Jan 2000 00:00:00 GMT"\n);\nPragma =     (\n    "no-cache"\n);\n"Set-Cookie" =     (\n    "rur=\\"FTW\\\\0541700458427\\\\0541660136279:01f7f1716e996e603ddf484bdfbc12a6fad1ff6f56053129280eb54ca5906d3e6cf24459\\"; Domain=.instagram.com; HttpOnly; Path=/; Secure"\n);\n"Strict-Transport-Security" =     (\n    "max-age=31536000"\n);\nVary =     (\n    "Accept-Language, Cookie"\n);\n"access-control-expose-headers" =     (\n    "X-IG-Set-WWW-Claim"\n);\n"content-security-policy" =     (\n    "report-uri https://www.instagram.com/security/csp_report/; default-src \'self\' https://www.instagram.com; img-src data: blob: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com https://*.facebook.com https://*.fbsbx.com https://*.giphy.com; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src \'self\' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src \'self\' https://www.instagram.com; script-src \'self\' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net \'unsafe-inline\' \'unsafe-eval\' blob:; style-src \'self\' https://*.www.instagram.com https://www.instagram.com \'unsafe-inline\'; connect-src \'self\' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://graphql.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com https://*.i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src \'self\' blob: https://www.instagram.com; frame-src \'self\' https://instagram.com https://www.instagram.com https://*.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src \'none\'; upgrade-insecure-requests"\n);\n"cross-origin-embedder-policy-report-only" =     (\n    "require-corp;report-to=\\"coep\\""\n);\n"cross-origin-opener-policy" =     (\n    "same-origin-allow-popups;report-to=\\"coop\\""\n);\n"origin-trial" =     (\n    "AuqWincgAuXeuu3KypEMnrrFEJHySaesyJS3EaIH40zvafzrU0Irhb7+5QwZpOqMZrPTjgvFl7Z5jJgy1dNAcQMAAAB6eyJvcmlnaW4iOiJodHRwczovL2luc3RhZ3JhbS5jb206NDQzIiwiZmVhdHVyZSI6IkNyb3NzT3JpZ2luT3BlbmVyUG9saWN5UmVwb3J0aW5nIiwiZXhwaXJ5IjoxNjEzNDExNjYyLCJpc1N1YmRvbWFpbiI6dHJ1ZX0="\n);\n"proxy-status" =     (\n    "http_request_error; e_clientaddr=\\"AcKYiNAO8yhMSZJyyEYudvZGWQzL-XB3-zoUHCoHbF8NHNnIr-i2ovQf3F3cMLaZ6NllIZz2Qo5Bgx6eJHw\\"; e_fb_binaryversion=\\"AcLdEktTbz5wJ21gYaJEitTnDh51fwKoh1TWEJBnCTDeDsuWyGfrhaGoKLWBuytlTD_jNpYGEqTKkjuZHHl7upVezSs6uJlj8ok\\"; e_upip=\\"AcJJDJlMUJsyHsIAGFauA9kxrXY2wohcrnfn50hqCMIY2ykTyJKp6Yzgq3HMhBdEfDpJdFdON7xvDmFgevxPXHhO4y4f7PITGNIpgvs\\"; e_proxy=\\"AcJPFaA_DemVAz4l_ZIcLlO6dqLEWUrH1S3qyfM0Psu4Qqzm3d7g1IZeYuFfciVB_2EGkehYmN4GEjA\\"; e_fb_builduser=\\"AcISyC6CAEhH54reK-ewAmKXLcNC8aeHIx4_8Dz6aY83oAk05yOr1kaVHEqYAN-Jcck\\"; e_fb_vipaddr=\\"AcInfxChauRQiPpxzGfxHV2lNUNaz0TDhZFUIoS85agFhatn6NyYkeG6swkbzrGDNCmkyZk\\", http_request_error; e_clientaddr=\\"AcIY794j6DB_pmP2rk4VsK1zivmZkN9gKrGfvjHfleRJNRB91E-eM7XwFHBZCUBY8zxtV5TVCl3bZAUl0ZOyUSNYP7HHQgvSuXGPRxosSOaG\\"; e_fb_binaryversion=\\"AcITNqtpSK2R5tDP_gcliynnda3OUKCZgzK-Xsb-r4KXoTzmkEkQmC9Nir7f8yfGz50vSf-gAKhLabX9TQoI0dDOI6LlWW4BHaI\\"; e_upip=\\"AcKdip7JMVCIyHNm4r3n_lc1FxZ8WRKNQWBDBUwsupTD4rNfKXV4LFfbOLVbapi7jcyqgp1OMZev9Mrb-zxwQ2fryGpF7P3D-Q\\"; e_proxy=\\"AcI1jEPhkHHVfIX0U-99CwCpJd9bHFInKVHw9EqNNgHvgWSlCPPyPZ-hKEHGtNUxph6CrXt8H8drm0RL3DAn\\"; e_fb_builduser=\\"AcKOj-xkkvFvzA7RHW34q4gu4tq7NuVcT_WRvsQwxdJFoGmDmQGrefnKdcJ7Hpb4KEo\\"; e_fb_vipaddr=\\"AcKa3V32l88jLiYn7E5uzcjwzVyAsdvUFKuu1lo_qhJx5qKrGr1ffkqtyIr9Pxh8QrmPf1EHN5vZItcLz3j9_s-6lutm2G-44iYcaiE\\""\n);\n"report-to" =     (\n    "{\\"group\\": \\"coep\\", \\"max_age\\": 86400, \\"endpoints\\": [{\\"url\\": \\"/security/coep_report/\\"}]},{\\"group\\": \\"coop\\", \\"max_age\\": 86400, \\"endpoints\\": [{\\"url\\": \\"/security/coop_report/\\"}]}"\n);\n"x-aed" =     (\n    46\n);\n"x-content-type-options" =     (\n    nosniff\n);\n"x-fb-trip-id" =     (\n    19638678\n);\n"x-frame-options" =     (\n    SAMEORIGIN\n);\n"x-ig-origin-region" =     (\n    ftw\n);\n"x-ig-push-state" =     (\n    c2\n);\n"x-xss-protection" =     (\n    0\n);\n

\n

} }

\n

数据：

\n

struct ShortAccessTokenRequestBody: Encodable {\n    var clientId: String\n    var clientSecret: String\n    var code: String\n    var grantType: String\n    var redirectUri: String\n}\n\nstruct ShortAccessTokenResponse: Decodable {\n    var accessToken : String\n    var userId : Int\n}\n

\n

Answer 1

好吧我已经解决了同样的问题。似乎如果您向 Instagram 的 API发送带有 cookie 的请求，它就会返回403。在iOS中，URLRequest系统默认会添加一些cookie，这就导致了这个403问题。

您需要做的是添加：

request.httpShouldHandleCookies = false

根据您的请求，禁用系统自动添加 cookie。