Reddit OAuth2 provider for league/oauth2-client
This package provides Reddit integration for thephpleague/oauth2-client.
composer require rtheunissen/oauth2-reddit
use Rudolf\OAuth2\Client\Provider\Reddit; $reddit = new Reddit([ 'clientId' => 'yourClientId', 'clientSecret' => 'yourClientSecret', 'redirectUri' => 'yourRedirectUri', 'userAgent' => 'platform:appid:version, (by /u/username)', 'scopes' => ['identity', 'read', ...], ]);
There are four different ways to request an access token, and you should be able to determine which to use based on the nature of your application.
Have a read through the Reddit OAuth2 Wiki to find out more.
$url = $reddit->getAuthorizationUrl([ 'duration' => $duration, // "permanent" or "temporary" by default ]);
You'll receive both
state when redirected from Reddit.
$accessToken = $reddit->getAccessToken('authorization_code', [ 'code' => $code, 'state' => $state ]);
$accessToken = $reddit->getAccessToken('password', [ 'username' => $username, 'password' => $password, ]);
You should generate and save unique ID on your client. The ID should be unique per-device or per-user of your app. A randomized or pseudo-randomized value is acceptable for generating the ID; however, you should retain and re-use the same device_id when renewing your access token.
$accessToken = $reddit->getAccessToken('installed_client', [ 'device_id' => $deviceId, // 20-30 character ASCII string ]);
$accessToken = $reddit->getAccessToken('client_credentials');
The only way to get a refresh token is by using the state and code redirect flow,
with the duration set as "permanent". The resulting access token will have a valid
refreshToken property, which you can use to refresh the token.
Note that the refreshed token won't have a
refreshToken field. You should use the
same refresh token every time you refresh the current token, and simply update its
$refreshToken = $reddit->getAccessToken('refresh_token', [ 'refresh_token' => $accessToken->refreshToken ]); $accessToken->accessToken = $refreshToken->accessToken; $accessToken->expires = $refreshToken->expires; // Remember to re-store the refreshed access token at this point
Reddit requires a few authorization headers when making authenticated API requests.
These can be accessed using
Note: The pending v1.0.0 release of thephpleague/oauth2-client will make this easier by providing an authenticated request object which you can adjust for each request.
Until then, you are advised to use either a dedicated HTTP client or the client used by the provider:
$client = $reddit->getHttpClient(); // Guzzle 3