Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

48
[reddit change] OAuth 2 bearer token support for all
Author Summary
intortus is in reddit change
Post Body

We've supported bearer tokens from the draft OAuth 2 spec for some time now, but it's only been available for redditgifts account linking. These commits add a new preferences page where you can define your own oauth client (app) that works in the same way.

Once you've registered an app with the correct redirect URI for your service, you can then send users to https://ssl.reddit.com/api/v1/authorize to grant access to your app. If they click "allow", they'll be redirected back to your service with a code. Use this code to request an access token directly from https://ssl.reddit.com/api/v1/access_token. You can then use this short-lived token to make API calls on https://oauth.reddit.com as the user who granted you access.

Here's an incomplete sample of Python code using the rauth library:

auth = rauth.service.OAuth2Service(
    name="reddit",
    consumer_key=CLIENT_ID,
    consumer_secret=CLIENT_SECRET,
    access_token_url="https://ssl.reddit.com/api/v1/access_token",
    authorize_url="https://ssl.reddit.com/api/v1/authorize")

# first, make the user follow this link:
authorize_url = auth.get_authorize_url(
    response_type="code",
    scope="identity",
    state="...", # some unguessable value to prevent CSRF
    redirect_uri=CLIENT_REDIRECT_URI)

# when user is redirected back after authorizing:
code = request.args["code"]
response = auth.get_access_token(
    auth=(auth.consumer_key, auth.consumer_secret),
    data=dict(
        grant_type="authorization_code",
        code=code,
        redirect_uri=CLIENT_REDIRECT_URI))
access_token = response.content["access_token"]

Once you have an access token, add this header to your API calls:

"Authorization: bearer %s" % access_token

Because anyone who bears this access token is granted the same access, you should keep it secret and only pass it over a secure connection. All API calls authorized in this fashion must be made over https. These tokens are also short-lived; you have ten minutes to make use of one before you need to ask the user to authorize a new one.

see the code on github

EDIT: updated sample code to reflect domain changes on our end

Author
Account Strength
100%
Account Age
16 years
Verified Email
Yes
Verified Flair
No
Total Karma
27,988
Link Karma
6,564
Comment Karma
21,314
Profile updated: 6 days ago
Posts updated: 10 months ago
intortus

Subreddit

r/changelog

Post Details

Location
reddit change
We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
12 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/changelog/c...