sirkris / Reddit.NET

A Reddit API library for .NET Standard with OAuth support. Written in C#.
MIT License

Unauthorized RedditClient instance for public data #129

Open GhimpuLucianEduard opened 3 years ago

GhimpuLucianEduard commented 3 years ago

Hello,

Is there a way to get a RedditClient instance that only requires appId and appSecret? (using script-app) In theory, this could be used to fetch public data that does not require auth.

Something similar to what PRAW (Python API client) does: https://praw.readthedocs.io/en/latest/getting_started/quick_start.html

sirkris commented 3 years ago

Have you tried just sending the appId and appSecret to RedditClient?

var reddit = new RedditClient(appId: "YourAppID", appSecret: "YourAppSecret");

GhimpuLucianEduard commented 3 years ago

Hmm, I did try, but in some instances I get a 404, which I thought may be caused by me providing some bad parameters. And sometimes I get a 403; here's a sample:

var reddit = new RedditClient(appId: "id", appSecret: "secret");
var posts = reddit.Subreddit("learnpython").Posts.Hot;
Console.WriteLine(posts.Count);


Pretty sure the id and secret work since I tested them.

sirkris commented 3 years ago

Hmm you're right. It looks like Reddit's OAuth requires a different parameter during the auth token retrieval process. The returned result includes an access token but not a refresh token, suggesting that the auth workflow must be completed at the start of every session. The docs don't say whether this affects the access token expiration, so I'm assuming it's the same.

Looks like I'll need to add support for this to the AuthTokenRetrieverLib. Right now, it's hard-coded to a grant_type of authorization_code, and you have to provide installed_client or client_credentials, instead.

GhimpuLucianEduard commented 3 years ago

Hello Kris,

Sorry for the late reply but I haven't worked with the library lately and started again just recently.

That is right, you need to specify client_credentials as the grant type. The exact use case can be found here in Reddit's API docs.

You mentioned that there's a need to change the grant_type in AuthTokenRetrieverLib. Correct me if I'm wrong, but it will also require a small change here.

Basically replace the last else branch to use the client_credentials grant_type instead of throwing an exception, something like this:

if (!string.IsNullOrEmpty(RefreshToken))
{
    keyReq.AddParameter("grant_type", "refresh_token");
    keyReq.AddParameter("refresh_token", RefreshToken);
}
else if (!string.IsNullOrEmpty(DeviceId))
{
    keyReq.AddParameter("grant_type", "https://oauth.reddit.com/grants/installed_client");
    keyReq.AddParameter("device_id", DeviceId);
}
else 
{   
    // old
    // throw new RedditException("Either a refresh token or device ID is required for authentication.");
    // Explanation: if both refresh token and device id are empty -> use client_credentials for application only auth
    keyReq.AddParameter("grant_type", "client_credentials");
}

But I've not tested it yet. I'll be happy to test it and create a PR, just wanted to get your opinion and if there're other places in the codebase that I might have missed and are related to the auth flow.
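An added illustration, not part of the original thread or of Reddit.NET's code: the grant selection discussed above, plus handling of a token response that carries no refresh token. The names AppOnlyAuthSketch, BuildGrant, BasicAuth and ParseToken are hypothetical, the sample JSON is constructed, and the sketch assumes .NET Core 3.0 or later (System.Text.Json) and that the token request is authenticated with HTTP Basic using appId:appSecret, as Reddit's OAuth docs describe.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

public static class AppOnlyAuthSketch   // hypothetical name, not a Reddit.NET type
{
    // Same branch order as the snippet above: refresh token, then device ID,
    // then client_credentials as the application-only fallback.
    public static Dictionary<string, string> BuildGrant(string refreshToken, string deviceId)
    {
        var p = new Dictionary<string, string>();
        if (!string.IsNullOrEmpty(refreshToken))
        {
            p["grant_type"] = "refresh_token";
            p["refresh_token"] = refreshToken;
        }
        else if (!string.IsNullOrEmpty(deviceId))
        {
            p["grant_type"] = "https://oauth.reddit.com/grants/installed_client";
            p["device_id"] = deviceId;
        }
        else p["grant_type"] = "client_credentials";
        return p;
    }

    // Assumption: the token request carries appId:appSecret as HTTP Basic credentials.
    public static string BasicAuth(string appId, string appSecret) =>
        "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(appId + ":" + appSecret));

    // RefreshToken comes back null for application-only grants, so the caller has to
    // repeat the token request once ExpiresAt has passed instead of refreshing.
    public static (string AccessToken, string RefreshToken, DateTimeOffset ExpiresAt)
        ParseToken(string json, DateTimeOffset now)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;
        if (root.TryGetProperty("error", out var err))
            throw new InvalidOperationException("Token endpoint error: " + err);
        string refresh = root.TryGetProperty("refresh_token", out var r) ? r.GetString() : null;
        int ttl = root.GetProperty("expires_in").GetInt32();
        return (root.GetProperty("access_token").GetString(), refresh, now.AddSeconds(ttl));
    }

    public static void Main()
    {
        var grant = BuildGrant(refreshToken: null, deviceId: null);
        // Constructed sample response; no network call is made.
        string sample = "{\"access_token\":\"SAMPLE\",\"token_type\":\"bearer\",\"expires_in\":3600,\"scope\":\"*\"}";
        var tok = ParseToken(sample, DateTimeOffset.UtcNow);
        Console.WriteLine($"{grant["grant_type"]}: re-auth needed at {tok.ExpiresAt:u}, refresh token present: {tok.RefreshToken != null}");
    }
}
```

The client_credentials grant only suits clients that can keep appSecret confidential, such as script or web apps; an installed app that ships to users falls under the installed_client branch with a device ID.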

muhmuhhum commented 3 years ago

Is there an update on this issue?

sirkris commented 2 years ago

Sorry for the delay. I stepped away for a while to handle some personal stuff and am only just now starting to get back on this. There's no update, unfortunately; this is still a planned fix for the next release.

That being said, I'm planning a hotfix to correct a security vulnerability in one of the dependencies, so I could just include this fix with that and get it out faster that way. I appreciate your patience.