Skip to content

Latest commit

 

History

History
104 lines (78 loc) · 3.53 KB

README.md

File metadata and controls

104 lines (78 loc) · 3.53 KB

Passport-Reddit Build Status Coverage Status

Passport strategy for authenticating with Reddit using the OAuth 2.0 API.

This module lets you authenticate using Reddit in your Node.js applications. By plugging into Passport, Reddit authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-reddit

Usage

Configure Strategy

The Reddit authentication strategy authenticates users using a Reddit account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

passport.use(new RedditStrategy({
    clientID: REDDIT_CONSUMER_KEY,
    clientSecret: REDDIT_CONSUMER_SECRET,
    callbackURL: "http://127.0.0.1:3000/auth/reddit/callback"
  },
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ redditId: profile.id }, function (err, user) {
      return done(err, user);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'reddit' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/reddit', function(req, res, next){
  req.session.state = crypto.randomBytes(32).toString('hex');
  passport.authenticate('reddit', {
    state: req.session.state,
    duration: 'permanent',
  })(req, res, next);
});

app.get('/auth/reddit/callback', function(req, res, next){
  // Check for origin via state token
  if (req.query.state == req.session.state){
    passport.authenticate('reddit', {
      successRedirect: '/',
      failureRedirect: '/login'
    })(req, res, next);
  }
  else {
    next( new Error(403) );
  }
});

Notice the state option use Reddit requires state, otherwise erring out. I've decided to opt out of providing default state, since it kills the whole purpose of the flag. If you don't want to use it, provide any string and don't check for it on user return. If you think this is a stupid requirement, fill an issue with reddit. Once they remove it, this middleware will simply work.

Also included is the optional duration parameter, to request a slightly longer authorization. Defaults to temporary (1 hour). Defined in the official Reddit OAuth spec

Examples

For a complete, working example, refer to the login example.

Tests

$ npm install --dev
$ make test

Credits

License

The MIT License

Original work Copyright (c) 2012-2013 Jared Hanson <http://jaredhanson.net/>

Modified work Copyright (c) 2013 Dmytro Soltys <http://slotos.net/>

Modified work Copyright (c) 2013 Brian Partridge <http://brianpartridge.com/>