1. Check Your Redirect URIEnsure the redirect URI you specify in your code exactly matches (character by character) the one registered in your Instagram App settings.
The URI must use https (not http). Instagram does not allow non-HTTPS redirect URIs for security reasons.
Avoid using localhost unless it’s explicitly allowed in your app settings.
2. Validate Instagram App Configuration
Make sure you are using the correct Instagram App ID, not a Facebook App ID.
Double-check your Instagram Developer Dashboard that:
The redirect URI is whitelisted under “Valid OAuth Redirect URIs”.
Your app is in “Live” or “Development” mode as needed and the test users are assigned if in “Development”.
3. Initiate the OAuth Flow Correctly
When the user clicks “Login with Instagram”, redirect them to the Instagram OAuth endpoint (example URL structure):
[
https://api.instagram.com/oauth/authorize
?client_id=YOUR_APP_ID
&redirect_uri=YOUR_REGISTERED_URL
&scope=user_profile,user_media
&response_type=code
]
Use window.location.href = authUrl; in your front-end code to perform the redirect.
4. Handling the Redirect
After the user logs in on Instagram and authorizes, Instagram will redirect to your URI with a code parameter:
[ YOUR_REGISTERED_URL?code=AUTHORIZATION_CODE ]
Capture this authorization code from the URL.
5. Exchange Code for Access Token
In your backend, POST to https://api.instagram.com/oauth/access_token including:
client_id
client_secret
grant_type (set to authorization_code)
redirect_uri (same one)
codee (the one from Instagram)
Make sure the backend endpoint is reachable and working properly.
6. Common Pitfalls
Invalid redirect_uri: This is the most frequent error. Triple-check the matching and HTTPS requirement.
Wrong environment: If the app is not Live, only registered test users can log in.
Cache/cookies: Sometimes, browser caching or cookies can cause old values (clear them if issues persist).
App Secret/PKCE: Instagram Basic Display does NOT support PKCE, and requires you to send the app secret in the token request.