Auth needs to migrate to using Reddit OAuth

[erocs]

Upon upgrading to the latest PRAW, it notifies that using password auth is deprecated. The script will have to move to using OAuth for login at some point in the next month or two.

/usr/local/lib/python2.7/dist-packages/praw/decorators.py:88: DeprecationWarning: reddit intends to disable password-based authentication of API clien ts sometime in the near future. As a result this method will be removed in a future major version of PRAW.

For more information please see:

• Original reddit deprecation notice: https://www.reddit.com/comments/2ujhkr/
• Updated delayed deprecation notice: https://www.reddit.com/comments/37e2mv/

[Pentom]

Alright - will look into this in the next week or so. OAuth is generally a pain to implement as the server but easy for the client. Shouldn't be that bad.

Thanks for alerting me.

[Pentom]

Few notes: http://praw.readthedocs.org/en/latest/pages/oauth.html https://www.reddit.com/r/redditdev/comments/2ujhkr/important_api_licensing_terms_clarified/coch3em

Expected timeline: Within a week. Side effects: This will -require- an upgrade to praw to take affect. While I am trying to keep with an earlier version of python, this praw upgrade is of no consequence to me at this time. I will need to review functionality and see if there are any features that are too-broken but unless thats the case, will be a mandatory upgrade after this change has occurred. Will update docs to reflect that when its time.

[Pentom]

import praw

r = praw.Reddit(user_agent='ModMailTicketCreator v0.01 by /u/Pentom') r.set_oauth_app_info(client_id='YOURCLIENTID',client_secret='YOURSECRET',redirect_uri='http://127.0.0.1:65010/authorize_callback') r.get_authorize_url('uniqueKey', ['identity', 'edit', 'modlog', 'privatemessages', 'read'], True)

in the broken url you redirected to, see the thing after &code= - well, copy that.

access_information = r.get_access_information('THECODEFROMABOVE') r.set_access_credentials(**access_information) access_information = r.refresh_access_information(access_information['refresh_token']) r.get_me()

[Pentom]

oAuth migration almost complete but ran into what -appears- to be a bug in praw 3.1.0.

Script changes tested out fine excepting the delivery of messages -back- into modmail. This is failing at the moment. Two tracking tickets in the main praw-dev repo created to monitor it though this may just be a misunderstanding on my part as to the correct calling pattern in oauth vs login.

https://github.com/praw-dev/praw/issues/476 https://github.com/praw-dev/praw/issues/477

Code migration is, then, on hold for now. If it turns out that Reddit pops on the 'oauth mandatory' before addressed, there are workarounds we can take but best to keep within praw if reasonable.

[bboe]

It's highly unlikely for reddit to make OAuth mandatory. The employee who was working on that left, and hence until they can prioritize the API they will extend username/password auth. I assume there will be another window for the transition once they want to push OAuth only.

[Pentom]

@bboe - Thanks for the information here - I really appreciate it. Its hard to tell what dev-management is going to support but if you were a betting man, would you say its likely we have 6 months runway before oauth is forced to mandatory (if ever)? If thats the case, I will finish this up in a side branch and continue to use standard standard login while still testing oauth to help debug these issues.

[Pentom]

A bit stalled here - I don't want to implement something that is unlikely to be used (per comment from bboe) and its holding up other tickets that -can- be worked on. Will try to review, later tonight, latest administration comments on the oauth switch and come to a decision. We can always change when and if the reddit administration changes but until then. . .

[bboe]

I'd say probably 3 months at least. Maybe not 6.