Ask HN: Does anyone else have problems with Instagram API OAuth2?

To temporary fix the issue, you could do the following:

change response_type=code to response_type=token. Instagram will redirect back to your site with something like /callback#access_token=123456. From here, send the user to a very simple page with the following snippet:

<script>

    if (window.location.hash && window.location.hash.indexOf('#access_token=') !== -1) {
        var accessToken = window.location.hash.replace('#access_token=', '');
        window.location = '/callback?access_token=' + accessToken;
    }

</script>

After that, you just use the Instagram API to retrieve user by access token then perform log in. This is not a recommended flow by Instagram but is a flow that works for now if your customers are constantly hammering you with support tickets as they did with us.

I've managed to work around this by changing the API host name from 'api.instagram.com' to 'www.instagram.com' for the Oauth authentication flow.

Here's my fork for the omniauth-instagram Ruby gem, which is now allowing me to consistently log in: https://github.com/stefl/omniauth-instagram/blob/master/lib/...

We started having same issue since last Friday (Dec. 15, 2016) after working fine for months. Same user can login via oauth on one wifi, but not on the other, or even on mobile cellular network. And even when it worked on that wifi at one point, it does not work at other times. We have not found a workaround to fix this, reported to Instagram 24 hours ago, waiting...I tried to login to my account on instagram.com first, then go back to our site, browser would log in automatically. So far, we don't have a solution yet.

I reported this to a contact at Instagram and they said they are aware of the issue. They don’t have an ETA for the fix yet, but they are looking into it. It's just odd that it seems so random with all of our customers.

I'm creator of https://picodash.com, I noticed the same issue about a week ago but did not get any complains from my customers, so debugged it for 8 hours until I found this (I know it will be hard to believe):

I kept getting "Matching code was not found or was already used." when using thru my oauth python code which btw has been working for 6 years now. But when I used curl to do POST, it worked, when I tried Curl again with same oauth code, it failed, So I think this is something that was recently changed by Instagram, the oauth code only works one time, I kind of remember this code could be used more than once before to make POST call, but there was time limit instead, after which using same code was failing.

So with me, this was always failing, but no complains from my customers, I could see logs that new people were signing up.

I started testing on localhost, I added debug logs, I did notice that there was 2 POST calls being made, so it was failing. I could see that 2 POST calls was made and first one did work and get access_token, but there was a second call made and this was error 400 and oauth flow was failing. Almost looked like a retry of POST call, cause my code should only make one.

I started trying different browsers, failed on all firefox,IE, safari, chrome. And then decided to try on my iphone, it worked 100%, so looked for difference, it was on LTE, so I guessed may be my wifi, switched to wifi on iphone and it started failing 100%. So now on my dev system, I connected modem directly to system without router and tried, it passed 100%, so it was my wireless router (I know weird), I tried another 3rd party instagram web app, had same issue but worked without the wireless router. So on Monday I got another wireless router and no issues, it started working. So this could be an isolated incident for me, I came to conclusion that I was using some old router that was dropping POST request and making second attempt and failing.

So I guess if this is affecting all your customer check you code by putting logs that you are making one POST request. Try making a CURL after you receive the code and make sure it is working on first attempt.

Today after reading this, I check my oauth login again, I did notice it fail few times, but when I try again, it is passing, so something changed again I think.

Some of our customers have complained how they were having issues with logging in with their account a few days ago. We've tested it on our end and it was working without any issue. However, we encountered the issue yesterday and still having it. However, a very few customers are not having any issue. Really weird and annoying. Reported to Instagram, still no feedback.

What we know at this moment:

1. It not depends on IP of API server behind instagram load balancer 2. It appears on ipv4 and ipv6 both 3. Problem not depends on delay between request code and exchanging this code for token 4. Logout and login helps sometimes

Has somebody any news regarding this issue ? I'm facing it too since some days... Quite randomly, seems to depend on device used and/or IP ... And maybe the alignment of stars.

Same problem on our end. Some environments work for some users and not for others. Have tried all the StackOverflow suggested answers with no luck.

Reported issues but haven't heard back

I've started having the same issue yesterday as well, noticed few times before but it was happening 'sometimes', now it happens all the time. Only workaround is to switch to implicit oauth as @xmrcivicboix suggested

I cannot get ahold of Instagram! This is impacting a lot of our users and there seems to be no channel of communication!

Still not working here (explicit auth). Every attempt is failing with the error 400: Matching code was not found or was already used.

May I ask if you guys have a link to where you reported this issue? I am having the same problem.

It happens for us as well, it started this week. Lots of users complaining.

In our case, it seems that most of our customer facing this issue is using business profile, any others checked this?

I got reply from Instagram that they are aware of issue and working on it.

Having the same issue since a few days

Currently I'm seeing a lot of 400 errors: "Matching code was not found or was already used."

Any response from Instagram?

Same problem

Same problem

Same problem here.

today all work nice!

Same problem

We are having the same issue. Really annoying that it works for some users and for some others doesn't. Even same user sometimes works sometimes doesn't.

I have just tried different environments we have with different users that were consistently failing last week (even this morning) and I have been able to get an access token using the server approach. Can anybody else test with their apps if the problem is fixed for you? Fingers crossed.

We're experiencing the same issue here. Reports from multiple clients over the last few days. Surely enough checking the logs yields an invalid_credentials error.

Trouble is, we can't faithfully reproduce the issue from our network, but clients are reporting failures to authenticate every time they try!

Have contacted Instagram for an update. Anyone else still experiencing the issue?

Anyone know if the problem has already been solved?

Thank you!