Passport strategy for authenticating with Reddit using the OAuth 2.0 API.
This module lets you authenticate using Reddit in your Node.js applications. By plugging into Passport, Reddit authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-reddit
The Reddit authentication strategy authenticates users using a Reddit
account and OAuth 2.0 tokens. The strategy requires a verify
callback, which
accepts these credentials and calls done
providing a user, as well as
options
specifying a client ID, client secret, and callback URL.
passport.use(new RedditStrategy({
clientID: REDDIT_CONSUMER_KEY,
clientSecret: REDDIT_CONSUMER_SECRET,
callbackURL: "http://127.0.0.1:3000/auth/reddit/callback"
},
function(accessToken, refreshToken, profile, done) {
User.findOrCreate({ redditId: profile.id }, function (err, user) {
return done(err, user);
});
}
));
Use passport.authenticate()
, specifying the 'reddit'
strategy, to
authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/reddit', function(req, res, next){
req.session.state = crypto.randomBytes(32).toString('hex');
passport.authenticate('reddit', {
state: req.session.state,
duration: 'permanent',
})(req, res, next);
});
app.get('/auth/reddit/callback', function(req, res, next){
// Check for origin via state token
if (req.query.state == req.session.state){
passport.authenticate('reddit', {
successRedirect: '/',
failureRedirect: '/login'
})(req, res, next);
}
else {
next( new Error(403) );
}
});
Notice the state
option use
Reddit requires state, otherwise erring out.
I've decided to opt out of providing default state, since it kills the whole purpose of the flag.
If you don't want to use it, provide any string and don't check for it on user return.
If you think this is a stupid requirement, fill an issue with reddit.
Once they remove it, this middleware will simply work.
Also included is the optional duration
parameter, to request a slightly longer authorization.
Defaults to temporary
(1 hour).
Defined in the official Reddit OAuth spec
For a complete, working example, refer to the login example.
$ npm install --dev
$ make test
Original work Copyright (c) 2012-2013 Jared Hanson <http://jaredhanson.net/>
Modified work Copyright (c) 2013 Dmytro Soltys <http://slotos.net/>
Modified work Copyright (c) 2013 Brian Partridge <http://brianpartridge.com/>