![]() When you send the user to the authorization URL, they will be shown what parts of their account you want access to based on the requested scopes: Verify that redirect_uri is set and matches what is set for your app ![]() Verify that client_id is set and correct for your app Also see for a list of all available scopes. See for a breakdown of which API endpoints require which scopes. Scope Values: identity, edit, flair, history, modconfig, modflair, modlog, modposts, modwiki, mysubreddits, privatemessages, read, report, save, submit, subscribe, vote, wikiedit, wikiread. See our automatically generated API docs. You must explicitly request access to areas of the api, such as private messaging or moderator actions. ![]() The implicit grant flow does not allow permanent tokens.Īll bearer tokens are limited in what functions they may perform. Choose temporary if you're completing a one-time request for the user (such as analyzing their recent comments) choose permanent if you will be performing ongoing tasks for the user, such as notifying them whenever they receive a private message. You may use the refresh_token to acquire a new bearer token after your current token expires. If you indicate you need permanent access to a user's account, you will additionally receive a refresh_token when acquiring the bearer token. Indicates whether or not your app needs a permanent token. If authorization succeeds, the user's browser will be instructed to redirect to this location. If this does not match the registered redirect_uri, the authorization request will fail. The redirect_uri you have specified during registration (You may also use this value to, for example, tell your webserver what action to take after receiving the OAuth2 bearer token) This ensures that only authorization requests you've started are ones you finish. This value will be returned to you when the user visits your REDIRECT_URI after allowing your app access - you should verify that it matches the one you sent. You should generate a unique, possibly random, string for each authorization request. The Client ID generated during app registration Note: Use /api/v1/pact? for a page that's friendlier to small screens. State=RANDOM_STRING&redirect_uri=URI&duration=DURATION&scope=SCOPE_STRING In order to do so, your website or app should send the user to the authorization URL: To act on behalf of a user, the user has to let know that they're ok with your app performing certain actions for them, such as reading their subreddit subscriptions or sending a private message. In order to make requests to reddit's API via OAuth, you must acquire an Authorization token, either on behalf of a user or for your client (see Application Only OAuth, below). Non-confidential clients (installed apps) do not have a secret. The part underlined in red is your client secret. The redirect uri is important - for web apps, it points to a URL on a webserver that you control. Only has access to your account.īe sure to give the app a reasonable name and description.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |