Skip to content

Reddit OAuth2 provider for league/oauth2-client

License

Notifications You must be signed in to change notification settings

sigwinhq/oauth2-reddit

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Reddit OAuth2 Provider

Build Status Scrutinizer Scrutinizer Coverage Latest Version License Join the chat at https://gitter.im/rtheunissen/oauth2-reddit

This package provides Reddit integration for thephpleague/oauth2-client.

Installation

composer require rtheunissen/oauth2-reddit

Usage

use Rudolf\OAuth2\Client\Provider\Reddit;

$reddit = new Reddit([
    'clientId'      => 'yourClientId',
    'clientSecret'  => 'yourClientSecret',
    'redirectUri'   => 'yourRedirectUri',
    'userAgent'     => 'platform:appid:version, (by /u/username)',
    'scopes'        => ['identity', 'read', ...],
]);

Requesting an access token

There are four different ways to request an access token, and you should be able to determine which to use based on the nature of your application.

Have a read through the Reddit OAuth2 Wiki to find out more.

For web apps, using 'code' and 'state'
$url = $reddit->getAuthorizationUrl([
    'duration' => $duration,  // "permanent" or "temporary" by default
]);

You'll receive both code and state when redirected from Reddit.

$accessToken = $reddit->getAccessToken('authorization_code', [
    'code'  => $code,
    'state' => $state
]);
For scripts intended for personal use, using 'username' and 'password'
$accessToken = $reddit->getAccessToken('password', [
    'username' => $username,
    'password' => $password,
]);
For installed applications

You should generate and save unique ID on your client. The ID should be unique per-device or per-user of your app. A randomized or pseudo-randomized value is acceptable for generating the ID; however, you should retain and re-use the same device_id when renewing your access token.

$accessToken = $reddit->getAccessToken('installed_client', [
    'device_id' => $deviceId,  // 20-30 character ASCII string
]);
For confidential clients (web apps / scripts)
$accessToken = $reddit->getAccessToken('client_credentials');

Refreshing an access token

The only way to get a refresh token is by using the state and code redirect flow, with the duration set as "permanent". The resulting access token will have a valid refreshToken property, which you can use to refresh the token.

Note that the refreshed token won't have a refreshToken field. You should use the same refresh token every time you refresh the current token, and simply update its accessToken and expires properties.

$refreshToken = $reddit->getAccessToken('refresh_token', [
    'refresh_token' => $accessToken->refreshToken
]);

$accessToken->accessToken = $refreshToken->accessToken;
$accessToken->expires = $refreshToken->expires;

// Remember to re-store the refreshed access token at this point

Using the access token

Reddit requires a few authorization headers when making authenticated API requests. These can be accessed using $reddit->getHeaders($token).

Note: The pending v1.0.0 release of thephpleague/oauth2-client will make this easier by providing an authenticated request object which you can adjust for each request.

Until then, you are advised to use either a dedicated HTTP client or the client used by the provider:

$client = $reddit->getHttpClient(); // Guzzle 3

About

Reddit OAuth2 provider for league/oauth2-client

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 100.0%