We are using Instagram as a social login for our application. I now want to use Auth0 as an user management layer. When logging in with Instagram, they create a token that can be used for API requests. They add the token to the callback URL (in this case
auth0.com/login/callback). My question is if we can persist this token back to the application. Let me illustrate the flow:
- We redirect to
- The user clicks login which opens
- After successful login Instagram redirects back to
auth0.com/login/callback?code=...- Instagram include the access token to the callback URL. There are 2 URL parameters: code and state.
- Auth0 then redirects to the app’s callback URL with
token_type, etc. in the URL. However, the
stateparameters from Instagram are lost.
Is there anyway to persist the Instagram tokens back to the application’s callback URL? We need these tokens to hit Instagram’s API. If we can’t persist them, we would need to make the user login to Instagram again so we can get the token.