Instagram oauth - error 400 matching code not found [closed]

Question

Problem started two days ago and affected about 70% of our users. This error is not depends on IP, libraries or server configuration.

Instagram ignores my requests, Facebook do too.

I've tried to reset client secret, change IP and region, so nothing helped.

Other users reports same problem: https://news.ycombinator.com/item?id=13178789

Maybe someone from Instagram/Facebook read StackOverflow and can give some advise or clarify this situation?

Answer 1

I'm seeing this consistently. After much investigation (a whole day), it appears that Instagram has changed their main API host for authentication from https://api.instagram.com to https://www.instagram.com and redirect with a 302.

If your code sends a POST to api.instagram.com it is redirected, and (I'm guessing here) Instagram counts that as two requests.

I've changed api.instagram.com in my oauth code to www.instagram.com and was able to get an access token.

Answer 2

It appears that Instagram api has move api.instagram.com to www.instagram.com with a 302 redirect.

If you are using omniauth-instagram gem, you can use this fix:

#config/initializers/omniauth_instagram_api_path.rb

module OmniAuth
  module Strategies
    class Instagram
      option :client_options, {
        :site => 'https://www.instagram.com',
        :authorize_url => 'https://www.instagram.com/oauth/authorize',
        :token_url => 'https://www.instagram.com/oauth/access_token'
      }
    end
  end
end

The purpose is the replace api.instagram.com by www.instagram.com.

I managed to make my staging and production application work.