I don't use reddit anymore, this library is complete, but first and foremost, it implements a wrong thing correctly!
OAuth2 is not an authentication protocol and you should not use this or any other library to authenticate with reddit. Authenticating via OAuth2 can lead to attack escalation or even novel attacks for one simple reason - there's no authenticity information being exchanged between your app and the only party that could provide it when it matters in the OAuth2 flow.
tl;dr This library, just like many other OAuth2 login strategies, is a play-pretend and incomplete implementation of OpenID Connect written in the time when I didn't know better. Do NOT authenticate with OAuth2!
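To make "authenticity information" concrete, the following added example (not part of this library or its original README) shows the checks an OpenID Connect relying party runs on a signed ID token. None of them has an equivalent in the `(accessToken, refreshToken, profile)` arguments handed to this strategy's verify callback. The issuer URL, client IDs, nonce and key pair are constructed demo values, and `signIdToken` only stands in for a provider.

```javascript
// Added example. Issuer, client IDs, nonce and key pair are constructed demo values.
const crypto = require('crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Demo provider: sign claims as an RS256 JWT (stands in for an OpenID provider).
function signIdToken(claims, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Relying party: return the claims, or throw naming the check that failed.
function verifyIdToken(token, { publicKey, issuer, clientId, nonce, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const [head, body, sig] = parts;
  if (fromB64u(head).alg !== 'RS256') throw new Error('alg'); // pin the algorithm
  const valid = crypto.verify('sha256', Buffer.from(`${head}.${body}`),
    publicKey, Buffer.from(sig, 'base64url'));
  if (!valid) throw new Error('signature');
  const claims = fromB64u(body);
  if (claims.iss !== issuer) throw new Error('iss');      // who issued it
  const aud = [].concat(claims.aud);
  if (!aud.includes(clientId)) throw new Error('aud');    // issued for this app
  if (!(claims.exp > now)) throw new Error('exp');        // not expired
  if (claims.nonce !== nonce) throw new Error('nonce');   // bound to this login attempt
  return claims;
}

// Returns 'ok' or the name of the failed check.
function outcome(token, expected) {
  try { verifyIdToken(token, expected); return 'ok'; } catch (e) { return e.message; }
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const expected = { publicKey, issuer: 'https://op.example', clientId: 'my-app', nonce: 'n-123', now };
const good = { iss: 'https://op.example', sub: 'user-1', aud: 'my-app', exp: now + 300, nonce: 'n-123' };

console.log(outcome(signIdToken(good, privateKey), expected));
console.log(outcome(signIdToken({ ...good, aud: 'other-app' }, privateKey), expected));
console.log(outcome(signIdToken({ ...good, nonce: 'n-999' }, privateKey), expected));
```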
Passport strategy for authenticating with Reddit using the OAuth 2.0 API.
This module lets you authenticate using Reddit in your Node.js applications. By plugging into Passport, Reddit authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-reddit
The Reddit authentication strategy authenticates users using a Reddit
account and OAuth 2.0 tokens. The strategy requires a verify callback, which
accepts these credentials and calls done providing a user, as well as
options specifying a client ID, client secret, and callback URL.

    var passport = require('passport');
    var RedditStrategy = require('passport-reddit').Strategy;

    passport.use(new RedditStrategy({
        clientID: REDDIT_CONSUMER_KEY,
        clientSecret: REDDIT_CONSUMER_SECRET,
        callbackURL: "http://127.0.0.1:3000/auth/reddit/callback"
      },
      // Verify callback: maps the Reddit profile to a local user record.
      function(accessToken, refreshToken, profile, done) {
        User.findOrCreate({ redditId: profile.id }, function (err, user) {
          return done(err, user);
        });
      }
    ));

Use passport.authenticate(), specifying the 'reddit' strategy, to
authenticate requests.
For example, as route middleware in an Express application:

    // Start the flow: redirect the user to Reddit's authorization page.
    app.get('/auth/reddit', function(req, res, next){
      passport.authenticate('reddit', {
        duration: 'permanent',
      })(req, res, next);
    });

    // Callback: Reddit redirects back here once the user has responded.
    app.get('/auth/reddit/callback', function(req, res, next){
      passport.authenticate('reddit', {
        successRedirect: '/',
        failureRedirect: '/login'
      })(req, res, next);
    });

This strategy supports a duration option on the authenticate call, to request an indefinite authorization as opposed to the 1 hour default.
Possible values: permanent and temporary (1 hour).
These values are defined in the official Reddit OAuth spec.
For a complete, working example, refer to the login example.
$ npm install --dev
$ make test
Original work Copyright (c) 2012-2013 Jared Hanson <http://jaredhanson.net/>
Modified work Copyright (c) 2013 Dmytro Soltys <http://slotos.net/>
Modified work Copyright (c) 2013 Brian Partridge <http://brianpartridge.com/>