briantwene / paperflow

A Cross Platform Desktop app made to discover and download beautiful wallpapers sourced from Reddit.

Add: reddit auth 1 #72

Closed briantwene closed 11 months ago

briantwene commented 11 months ago

PR Description: Updating Authentication Flow for Reddit API

This pull request addresses changes in the Reddit API that now require authentication even for fetching .json links. Due to these changes, the initial purpose of this branch, which was implementing user downloads, was temporarily diverted. The changes in the API made it necessary to rethink the authentication strategy.

Authentication Approach

The chosen authentication approach initially centered around using the "installed app" authentication type, suitable for desktop apps like this one. However, further investigation revealed a few challenges with this approach:

  1. Limitations of Installed App: The "installed app" authentication type comes with some limitations, particularly the restriction that all traffic is associated with the client ID. This could potentially lead to issues, especially considering the app's use case and potential traffic volume.

  2. Storing Sensitive Information: Storing the client ID securely without relying on an external server became a concern. Placing sensitive credentials directly in the app could pose security risks, especially considering that the app's source code is hosted on GitHub.

New Approach

After considering these challenges, a decision was made to implement an authentication flow similar to that of web apps. This involves creating an external authentication service. Here's how the new approach works:

  1. External Auth Service: An external service will handle the authentication process with the Reddit API. This service will be hosted externally and interact with the Reddit API to obtain the access token.

  2. Authorization Code Flow: When the user initiates the authentication process, the Tauri app will direct the user to a web-based login page where they will log in to their Reddit account. This follows the authorization code flow, a widely accepted authentication pattern.

  3. Access Token: Upon successful login, the external service will receive an authorization code. It will exchange this code with Reddit's servers for an access token. This access token will then be securely sent back to the Tauri app.

Changes in This PR

This PR contains the necessary code changes to facilitate the new authentication approach for the Reddit API. It includes the logic to get the access token and check if the token is expired.
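An added example, not code from this PR or the paperflow repository: one way the Tauri side could hold the access token it receives and decide whether it is expired. The `AccessToken` type, its fields, the `TokenState` enum and the 60-second refresh margin are all assumptions made for illustration.

```rust
use std::fmt;
use std::time::{Duration, SystemTime, UNIX_EPOCH};

// Assumed margin: refresh early so a token never expires mid-request.
const EXPIRY_MARGIN: Duration = Duration::from_secs(60);

// Hypothetical type for the token returned by the external auth service.
pub struct AccessToken {
    secret: String,
    obtained_at: SystemTime,
    lifetime: Duration,
}

#[derive(Debug, PartialEq)]
pub enum TokenState { Valid, NeedsRefresh }

impl AccessToken {
    pub fn new(secret: &str, obtained_at: SystemTime, expires_in_secs: u64) -> Self {
        Self { secret: secret.to_string(), obtained_at, lifetime: Duration::from_secs(expires_in_secs) }
    }

    pub fn state_at(&self, now: SystemTime) -> TokenState {
        // saturating_sub: a lifetime shorter than the margin is never usable.
        let limit = self.lifetime.saturating_sub(EXPIRY_MARGIN);
        // duration_since fails if the clock moved backwards; the age is then
        // unknown, so ask for a new token instead of trusting this one.
        match now.duration_since(self.obtained_at) {
            Ok(age) if age < limit => TokenState::Valid,
            _ => TokenState::NeedsRefresh,
        }
    }

    pub fn bearer_header(&self) -> String {
        format!("Bearer {}", self.secret)
    }
}

// Manual Debug so the secret never reaches logs or panic messages.
impl fmt::Debug for AccessToken {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "AccessToken(<redacted>, lifetime={}s)", self.lifetime.as_secs())
    }
}

fn main() {
    let issued = UNIX_EPOCH + Duration::from_secs(1_700_000_000); // constructed
    let tok = AccessToken::new("constructed-token", issued, 3600);
    println!("{:?} -> {:?}", tok, tok.state_at(SystemTime::now()));
}
```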