AuthCanceled: Problem with Instagram oauth2 because of redirect_uri

Question

TL;DR: It seems to me that the problem is in the "redirect_state" query parameter in the redirect_uri. Instagram fails oauth2 requests with any query params.

I tried both drf-social-oauth2 and django-rest-framework-social-oauth2 python packages, with the same result.

I receive a 400-response from Instagram API: 400 Client Error: Bad Request for url: https://api.instagram.com/oauth/access_token

Reproducing the process from the console I get more details. A body of the response is: {"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}

Steps to reproduce the behaviour:

1. Set "Valid OAuth Redirect URIs" in an "Instagram Basic Display" app.

• https://api.mydomain.com/auth/complete/instagram/
• https://api.mydomain.com/auth/complete/instagram

2. Redirect my client to the URL:

https://api.instagram.com/oauth/authorize
  ?client_id=<my_client_id>
  &redirect_uri=https://api.mydomain.com/auth/complete/instagram/?redirect_state=<value>
  &scope=user_profile,user_media
  &response_type=code

3. When the client is redirected, copy code from the URL.
4. Then I reproduce the libraries' request:

curl -X POST \
  https://api.instagram.com/oauth/access_token \
  -F client_id=<my_client_id> \
  -F client_secret=<my_app_secret> \
  -F grant_type=authorization_code \
  -F redirect_uri="https://api.mydomain.com/auth/complete/instagram/?redirect_state=<value>" \
  -F code=<code_copied_from_clients_url>

5. Receive 400-response: {"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
6. In my Instagram profile (https://www.instagram.com/accounts/manage_access/) I see successfully added my Instagram business app.

Expected behaviour

At step 5 I expect to receive an access_token and a user_id: {"access_token": "<access_token>", "user_id": <user_id>} And it works this way, only in case I remove test=test from the both: auth URL from the 2nd step and the 4th step.

Additional context

I use python 3.9.7 with:

Django==3.2.10
social-auth-app-django==5.0.0
social-auth-core==4.1.0
django-oauth-toolkit==1.6.1

My Facebook/Instagram app didn't published ("App Mode: Development"). But my Instagram accounts (which I use for testing) is added as a Tester into the Facebook/Instagram app.

I even tried to put test instead of redirect_state query parameter, and it doesn't work too.

My app settings:

I'm not sure that the problem is in the library. Maybe in my Instagram business app configuration. But I don't have any clue to get how to fix it.