rtheunissen / oauth2-reddit
Reddit OAuth2 provider for league/oauth2-client
Installs: 47 688
Dependents: 1
Suggesters: 0
Security: 0
Stars: 11
Watchers: 4
Forks: 11
Open Issues: 4
Requires
- php: >=5.6.0
- league/oauth2-client: ^2.2
Requires (Dev)
- phpunit/phpunit: ^5.0
README
This package provides Reddit integration for thephpleague/oauth2-client.
Installation
composer require rtheunissen/oauth2-reddit
Usage
use Rudolf\OAuth2\Client\Provider\Reddit; $reddit = new Reddit([ 'clientId' => 'yourClientId', 'clientSecret' => 'yourClientSecret', 'redirectUri' => 'yourRedirectUri', 'userAgent' => 'platform:appid:version, (by /u/username)', 'scopes' => ['identity', 'read', ...], ]);
Requesting an access token
There are four different ways to request an access token, and you should be able to determine which to use based on the nature of your application.
Have a read through the Reddit OAuth2 Wiki to find out more.
For web apps, using 'code' and 'state'
$url = $reddit->getAuthorizationUrl([ 'duration' => $duration, // "permanent" or "temporary" by default ]);
You'll receive both code
and state
when redirected from Reddit.
$accessToken = $reddit->getAccessToken('authorization_code', [ 'code' => $code, 'state' => $state ]);
For scripts intended for personal use, using 'username' and 'password'
$accessToken = $reddit->getAccessToken('password', [ 'username' => $username, 'password' => $password, ]);
For installed applications
You should generate and save unique ID on your client. The ID should be unique per-device or per-user of your app. A randomized or pseudo-randomized value is acceptable for generating the ID; however, you should retain and re-use the same device_id when renewing your access token.
$accessToken = $reddit->getAccessToken('installed_client', [ 'device_id' => $deviceId, // 20-30 character ASCII string ]);
For confidential clients (web apps / scripts)
$accessToken = $reddit->getAccessToken('client_credentials');
Refreshing an access token
The only way to get a refresh token is by using the state and code redirect flow,
with the duration set as "permanent". The resulting access token will have a valid
refreshToken
property, which you can use to refresh the token.
Note that the refreshed token won't have a refreshToken
field. You should use the
same refresh token every time you refresh the current token, and simply update its
accessToken
and expires
properties.
$refreshToken = $reddit->getAccessToken('refresh_token', [ 'refresh_token' => $accessToken->refreshToken ]); $accessToken->accessToken = $refreshToken->accessToken; $accessToken->expires = $refreshToken->expires; // Remember to re-store the refreshed access token at this point
Using the access token
Reddit requires a few authorization headers when making authenticated API requests.
These can be accessed using $reddit->getHeaders($token)
.
Note: The pending v1.0.0 release of thephpleague/oauth2-client will make this easier by providing an authenticated request object which you can adjust for each request.
Until then, you are advised to use either a dedicated HTTP client or the client used by the provider:
$client = $reddit->getHttpClient(); // Guzzle 3