Adding a query parameter to the Instagram auth redirect_uri doesn't work?

Question

Steps to reproduce

1. Register a redirect_uri in the client: http://example.com/publisher/auth
2. Direct a user to the /oauth/authorize endpoint with the redirect_uri including a query parameter:

   https://api.instagram.com/oauth/authorize/?client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01&response_type=code&scope=basic&type=web_server

   For reference, those query parameters are:

   client_id=xxx
   redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01
   response_type=code
   scope=basic
   type=web_server
   

3. Authenticate an instagram user and allow the app.
4. The user is redirected back to the correct redirect_uri.
5. Use the code query parameter from the redirected URI to post to Instagram's /oauth/access_token endpoint.

Expected behavior

The endpoint responds with 200 and an access token.

ACTUAL behavior

The endpoint responds with:

code=400
error_type = 'OAuthException'
error_message = 'Redirect URI doesn't match original redirect URI'

What I've Investigated So Far

To confirm that this is a problem with Instagram, I checked the API docs which very clearly state that adding query parameters to the redirect URI should be possible. I also tried varying only that query parameter. For example, when replaced with this /oauth/authorize URL I get the expected behavior:

https://api.instagram.com/oauth/authorize/?type=web_server&client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth&response_type=code&scope=basic

For reference, those query parameters are:

client_id=xxx
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth
response_type=code
scope=basic
type=web_server

Notes

This question is actually a duplicate of another question which actually didn't really turn out to be a question, and which never got any answers.

I have submitted a bug with Instagram, but I wanted to see if anyone had found this or come up with a workaround.

Answer 1

Had the same issue today. To get the custom data passed between requests you must include it as state param. My authorize request url looked something like this:

https://www.instagram.com/oauth/authorize?client_id=SOME_CLIENT_ID&response_type=code&redirect_uri=http://example.com/auth/InstagramRedirect/&state=855C0114-F860-420A-AEB1-A276644FCCEA

Notice the & and state=...

Answer 2

You have to provide the redirect_uri with your extra search params as the last parameter:

https://www.instagram.com/oauth/authorize/?client_id=be1b911b487f4919b9c2fb7df0c4142c&type=web_server&response_type=code&scope=basic&redirect_uri=https://wpwifidemo.alepo.net/instagram/joinus/?inviteId=00001000-cf33-11e4-9f26-8789dd0b3e01

User will be redirected to:

https://wpwifidemo.alepo.net/instagram/joinus/?inviteId=00001000-cf33-11e4-9f26-8789dd0b3e01&code=CODE