Remove query_string from callback_url.

omniauth / omniauth-instagram

OmniAuth strategy for Instagram.

112 stars 85 forks source link

Remove query_string from callback_url. #22

Closed siong1987 closed 9 years ago

siong1987 commented 9 years ago

For some reasons, Instagram decided not to accept query_string as part of the redirect_uri in their oauth2's https://api.instagram.com/oauth/access_token request.

Instagram should probably be the one to fix this since their documentation clearly states that extra parameters can be passed along and it can still be valid: https://instagram.com/developer/authentication/.

avokhmin commented 8 years ago

I think that we should allow to use query_string, because documentation has been updated, see:

https://www.instagram.com/developer/authentication/

REGISTERED REDIRECT URI REDIRECT_URI PARAMETER PASSED TO /AUTHORIZE VALID?

http://yourcallback.com/callback http://yourcallback.com/callback?type=mobile yes

REGISTERED REDIRECT URI	REDIRECT_URI PARAMETER PASSED TO /AUTHORIZE	VALID?
http://yourcallback.com/callback	http://yourcallback.com/callback?type=mobile	yes

avokhmin commented 8 years ago

ah, I see, the problem is here:

build_access_token

and we have:

Authentication failure! invalid_credentials: OAuth2::Error, :
{"code": 400, "error_type": "OAuthException", "error_message": "Redirect URI doesn't match original redirect URI"}

maybe better to add some hook and new option to define: which parameters are allowed for #build_access_token?

ropiku commented 8 years ago

Hi, just a notice I am no longer using this gem so not maintaining it. Feel free to open PRs or adopt it.