Allowing users to contribute to live threads

Question

Allowing users to contribute to live threads

Closed this issue 10 years ago · 4 comments

I'm new to OAuth/2. So it looks like this only handles authentication, right? I would need another script to send the user live thread contribution permissions?

Answer 1 · 2014-08-12T22:38:36.000Z

Forgive me my nitpicking, but it's quite an important detail, that helps immensely when working with OAuth. OAuth is an authorization framework, allowing third party applications to act on behalf of users of a service (it is being used as authentication solution quite often, but that's a happy side-effect). Otherwise you're right, this library doesn't provide an API client.

At the end of the exchange you will have a token, that will give you access to the scopes you've requested. You will have to behave in accordance to Reddit API rules, however. You can implement API client yourself by perusing reddit api docs, or you can use existing wrappers, some of which have OAuth support built in.

If you choose the first approach, just include Authorization: bearer TOKEN in your request headers, where TOKEN is the token you've received with passport-reddit. Live thread functionality is being spread over several scopes, so make sure you've requested all the scopes you need during authorization phase. Be wary of token expiration and always keep an eye on conforming to API rules mentioned earlier.

Answer 2 · 2014-08-13T16:29:19.000Z

Okay, thanks for that thorough clarification. I'm already using http://www.reddit.com/r/rawjs to post to Reddit Live Threads (with a hardcoded bot's credentials), so I guess I need to find a way to pass this token to raw.js, and find out which scopes I need.

As far as scopes, does passport-reddit handle this? I couldn't find it in the code. I didn't see it in the app settings either for a reddit web app. I did see the documentation declaring the available scopes, but not sure where to implement them.

Answer 3 · 2014-08-13T20:27:25.000Z

When in doubt - check tests :)

You provide scope in options.scope either as a comma separated string, or a string array:

new RedditStrategy(
{
  clientID: 'ABC123',
  clientSecret: 'secret',
  scope: 'one,two,ten'
},

Looking at raw.js, I see it has an OAuth2 support.. However from a quick glance I don't see any way to set scopes in its code. There is an unused authUrl, that provides scopes facility, but it's not used anywhere. Still, I might be missing something. In the end I'd recommend to use raw-js facilities to work with OAuth2 API endpoints. It does OAuth2 similar to the way passport-reddit does them, so why multiply entities unless you really need to.

Answer 4 · 2014-08-14T01:48:32.000Z

I had installed passport-reddit via npm, so I'm dumb and didn't think to check tests.

For my socket.io chat app:
I was using raw.js livethread updates, which worked fine but couldn't figuire out OAuth2.

Website node express app:
I decided to try your sample code and it worked off the bat.

Thanks for your help and for getting me pointed in the right direction.