To temporarily fix the issue, you could do the following:
Change response_type=code to response_type=token. Instagram will redirect back to your site with something like /callback#access_token=123456. From here, send the user to a very simple page with the following snippet:
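<script>
  // Implicit flow: the token arrives in the URL fragment, which is never sent to the server.
  if (window.location.hash && window.location.hash.indexOf('#access_token=') !== -1) {
    var accessToken = window.location.hash.replace('#access_token=', '');
    // Hand the token to the server-side callback as a query parameter.
    window.location = '/callback?access_token=' + encodeURIComponent(accessToken);
  }
</script>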
After that, you just use the Instagram API to retrieve the user by access token, then perform the login. This is not a flow recommended by Instagram, but it is a flow that works for now if your customers are constantly hammering you with support tickets as they did with us.
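A variant of the redirect page above, added here as an example and not part of the original answer: it parses the fragment with URLSearchParams, rejects malformed values, clears the token from the address bar and sends it in a POST body, so it does not land in access logs or Referer headers. The POST handler on /callback, the token character set and the /login?error=oauth page are assumptions.

```javascript
// Added example; the token pattern and the POST handler are assumptions.
function parseImplicitFragment(hash, expectedState) {
  // "#access_token=123456&state=..." -> key/value pairs, percent-decoded.
  const params = new URLSearchParams(String(hash).replace(/^#/, ''));
  const token = params.get('access_token');
  // Assumed token alphabet; anything else (e.g. a smuggled "&") is rejected.
  if (!token || !/^[A-Za-z0-9._-]{1,512}$/.test(token)) {
    throw new Error('missing or malformed access_token');
  }
  // Checked only if the authorize request carried a state value.
  if (expectedState !== undefined && params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  return token;
}

// Put the token in a POST body instead of the URL of the next request.
function buildTokenRequest(token) {
  return {
    method: 'POST',
    credentials: 'same-origin',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ access_token: token }).toString(),
  };
}

// Browser-only part; does nothing when the file is loaded outside a browser.
if (typeof window !== 'undefined' && window.location.hash) {
  let request = null;
  try {
    request = buildTokenRequest(parseImplicitFragment(window.location.hash));
  } catch (e) {
    window.location.replace('/login?error=oauth'); // hypothetical error page
  }
  if (request) {
    // Remove the fragment from the address bar and the history entry.
    window.history.replaceState(null, '', window.location.pathname);
    fetch('/callback', request)
      .then(function (res) { window.location.replace(res.ok ? '/' : '/login?error=oauth'); })
      .catch(function () { window.location.replace('/login?error=oauth'); });
  }
}
```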
I completely agree. Hence I said it's temporary. When you have a huge influx of paying customers who cannot log in to do their work, you have to balance that a bit.
Ah yes, of course. I did miss that. The implicit (client-side) auth flow gets the access token directly and doesn't need another request to the API, that's the whole point.
This is indeed rather unwanted, even more so with the new more restrictive API usage policy and the sandbox.
Depending on the library you use, it may default to response_type=code. Just get the URL and do a search and replace if the library doesn't allow you to define the type.
Something tells me, however, that just changing it to 'token' (file strategy.js, line 217) actually fixes it. Now there are other issues with many redirects when just changing that line; I'm not entirely sure how that library works to fix anything else at this point. Do you know when this issue might be resolved as a whole?
Unfortunately, Instagram is terrible at responding to developer support tickets and there really isn't much of a community aspect around it. This issue itself is not easily reproducible. The same account may work on one site and not on another site.
For me it doesn't work. I changed from 'api.instagram.com' to 'www.instagram.com' for the OAuth - have one "302 redirect" back to my site with "error 400". Strange...
Okay, thought I'd mention it because it's had such a significant effect for me. So that possibly means that in my case the Auth0 <-> Instagram connection is something to investigate further.
We started having the same issue since last Friday (Dec. 15, 2016) after working fine for months. The same user can log in via OAuth on one wifi, but not on another, or even on a mobile cellular network. And even when it worked on that wifi at one point, it does not work at other times. We have not found a workaround to fix this; reported to Instagram 24 hours ago, waiting... I tried to log in to my account on instagram.com first, then go back to our site, and the browser would log in automatically. So far, we don't have a solution yet.
Just checked again, we're still seeing issues. I can reproduce, simply by using my personal account in a private window, it randomly fails in at least one of our environments (e.g. prod, staging, localhost).
I reported this to a contact at Instagram and they said they are aware of the issue. They don’t have an ETA for the fix yet, but they are looking into it. It's just odd that it seems so random with all of our customers.
I'm the creator of https://picodash.com. I noticed the same issue about a week ago but did not get any complaints from my customers, so I debugged it for 8 hours until I found this (I know it will be hard to believe):
I kept getting "Matching code was not found or was already used." when using it through my OAuth Python code, which by the way has been working for 6 years now. But when I used curl to do the POST, it worked; when I tried curl again with the same OAuth code, it failed. So I think this is something that was recently changed by Instagram: the OAuth code only works one time. I kind of remember this code could be used more than once before to make the POST call, but there was a time limit instead, after which using the same code was failing.
So with me, this was always failing, but no complaints from my customers; I could see in the logs that new people were signing up.
I started testing on localhost and added debug logs. I did notice that there were 2 POST calls being made, so it was failing. I could see that 2 POST calls were made and the first one did work and got the access_token, but there was a second call made and this was error 400 and the OAuth flow was failing. It almost looked like a retry of the POST call, because my code should only make one.
I started trying different browsers; it failed on all of Firefox, IE, Safari, Chrome. And then I decided to try on my iPhone, and it worked 100%, so I looked for the difference. It was on LTE, so I guessed maybe my wifi; I switched to wifi on the iPhone and it started failing 100%. So now on my dev system, I connected the modem directly to the system without the router and tried, and it passed 100%, so it was my wireless router (I know, weird). I tried another 3rd party Instagram web app; it had the same issue but worked without the wireless router. So on Monday I got another wireless router and no issues, it started working. So this could be an isolated incident for me. I came to the conclusion that I was using some old router that was dropping the POST request and making a second attempt and failing.
So I guess if this is affecting all your customers, check your code by putting in logs that you are making one POST request. Try making a curl request after you receive the code and make sure it is working on the first attempt.
Today after reading this, I checked my OAuth login again. I did notice it fail a few times, but when I try again, it is passing, so something changed again I think.
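An added example (not the poster's code) of the check suggested above: a server-side guard that submits each authorization code to the token endpoint at most once and logs any repeat, since the code is reported to work only one time. exchangeFn is a hypothetical function performing the single POST; the guard assumes one server process and a 10-minute memory of seen codes.

```javascript
// Added example. exchangeFn(code) is a hypothetical function that performs
// the one POST to the provider's token endpoint and returns a promise.
function createCodeExchanger(exchangeFn, opts = {}) {
  const ttlMs = opts.ttlMs || 10 * 60 * 1000; // assumed retention window
  const now = opts.now || Date.now;
  const log = opts.log || console.warn;
  const seen = new Map(); // code -> { promise, at, attempts }

  return function exchangeOnce(code) {
    const t = now();
    // Forget old codes so the map cannot grow without bound.
    for (const [k, v] of seen) {
      if (t - v.at > ttlMs) seen.delete(k);
    }
    const prior = seen.get(code);
    if (prior) {
      // A second submission would be answered with an error by the
      // provider, so hand back the first result. The code itself is a
      // secret and is deliberately not written to the log.
      prior.attempts += 1;
      log('authorization code submitted again; reusing first result (attempt ' +
          prior.attempts + ')');
      return prior.promise;
    }
    // The executor runs synchronously, so the POST is started exactly once
    // before any concurrent caller can reach this point.
    const promise = new Promise(function (resolve) { resolve(exchangeFn(code)); });
    seen.set(code, { promise: promise, at: t, attempts: 1 });
    return promise;
  };
}
```

A logged repeat points at a retry somewhere between the browser and your token request (a reloaded callback URL, a proxy, an HTTP client that re-sends), which is the situation described in the post.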
Sorry, but this is definitely not a hardware, connection or session issue. Just check the rest of the thread. We're seeing issues over various links (broadband, mobile, datacenter) on different server locations (AWS vs. on dev machine) with or without private mode / logging out and then in.
I honestly wish it was something like this, at least then we could fix it.
The double POST requests you see are most probably because api.instagram.com returns a 302 response ("Found", i.e. redirect). This is a relatively recent change, but still weeks before those issues started.
By the way, your server refuses connection when you go to https://picodash.com directly (without www.). You might want to fix this.
Some of our customers complained a few days ago that they were having issues logging in with their accounts. We tested it on our end and it was working without any issue. However, we encountered the issue yesterday and are still having it. However, very few customers are not having any issue. Really weird and annoying. Reported to Instagram, still no feedback.
1. It does not depend on the IP of the API server behind the Instagram load balancer
2. It appears on both IPv4 and IPv6
3. The problem does not depend on the delay between requesting the code and exchanging this code for a token
4. Logging out and logging in helps sometimes
Does somebody have any news regarding this issue? I've been facing it too for some days... Quite randomly, seems to depend on the device used and/or IP... And maybe the alignment of stars.
I've started having the same issue yesterday as well. I noticed it a few times before but it was happening 'sometimes'; now it happens all the time. The only workaround is to switch to implicit OAuth as @xmrcivicboix suggested.
At the time of my last writing, I was sure as all accounts were working fine. But today, it started acting up again. Now I had to switch to a different wifi to log in with Instagram.
We at smartmetrics.co experience the same issue. We noticed that the issue did not affect everybody; many customers can still use OAuth.
We contacted Instagram and Facebook support but got no answer.
Pretty much our experience. We didn't figure out what caused it, the same Instagram account sometimes works and sometimes doesn't without a change in code on different instances.
Apparently it happens from time to time, there are some posts about this problem on StackOverflow. No answers though.
We tried many things, including resetting our secret. It's working now, but it's hard to tell whether our actions had any effect.
We are experiencing the same issue. I have been able to reproduce the issue with the same account by just trying it repeatedly. It will eventually fail; the only solution is to sign out of Instagram, which ends up clearing your session, and try it again.
Instagram went down for a long period of time yesterday; I'd be surprised if they aren't linked.
Private mode wasn't enough to fix the error for us.
At least not in all cases, i.e. we tried production, staging and an instance running on localhost. Private mode usually changed in which places the login worked, but it never helped for all three.
We are having the same issue. Really annoying that it works for some users and for some others doesn't. Even the same user sometimes works, sometimes doesn't.
I have just tried different environments we have with different users that were consistently failing last week (even this morning) and I have been able to get an access token using the server approach. Can anybody else test with their apps if the problem is fixed for you? Fingers crossed.
We're experiencing the same issue here. Reports from multiple clients over the last few days. Sure enough, checking the logs yields an invalid_credentials error.
Trouble is, we can't faithfully reproduce the issue from our network, but clients are reporting failures to authenticate every time they try!
Have contacted Instagram for an update. Anyone else still experiencing the issue?
I think everyone who posted or replied under this thread (and many other StackOverflow threads) experienced the same issue. The issue seemed resolved for us just yesterday for a day, but today it started acting up again, and I had to switch wifi to log into Instagram. We also added email login after this incident.
Not sure if the issue has already been solved but I have tried with different accounts in different environments we have for our app and it was working fine for all the accounts. Previously, it was very easy to reproduce the problem. Fingers crossed!