-
Notifications
You must be signed in to change notification settings - Fork 30
Damien edited this page Jun 5, 2016
·
1 revision
// Client-side (implicit) flow
let reddit: Provider = .Reddit(
clientID: "***",
redirectURL: "foo://callback"
)
// Server-side (explicit) flow
let reddit: Provider = .Reddit(
clientID: "***",
clientSecret: "***"
redirectURL: "foo://callback"
)| Parameter | Explanation |
|---|---|
| access_token | Your access token, |
| token_type | The string "bearer" |
| expires_in | Seconds until the token expires |
| scope | The scope of the token |
| state | This value should be the same as the one sent in the initial authorization request, and your app should verify that it is, in fact, the same. Your app may also do anything else it wishes with the state info, such as parse a portion of it to determine what action to perform on behalf of the user. |
{
"access_token": Your access token,
"token_type": "bearer",
"expires_in": Unix Epoch Seconds,
"scope": A scope string,
"refresh_token": Your refresh token
}
Scope Values: identity, edit, flair, history, modconfig, modflair, modlog, modposts, modwiki, mysubreddits, privatemessages, read, report, save, submit, subscribe, vote, wikiedit, wikiread.
| Parameter | Values | Description |
|---|---|---|
client_id |
The Client ID generated during app registration | Tells reddit.com which app is making the request |
response_type |
token |
Must be the string "token". |
state |
A string of your choosing | You should generate a unique, possibly random, string for each authorization request. This value will be returned to you when the user visits your REDIRECT_URI after allowing your app access - you should verify that it matches the one you sent. This ensures that only authorization requests you've started are ones you finish. (You may also use this value to, for example, tell your webserver what action to take after receiving the OAuth2 bearer token) |
redirect_uri |
The redirect_uri you have specified during registration | If this does not match the registered redirect_uri, the authorization request will fail. If authorization succeeds, the user's browser will be instructed to redirect to this location. |
scope |
A space-separated* list of scope strings | All bearer tokens are limited in what functions they may perform. You must explicitly request access to areas of the api, such as private messaging or moderator actions. See our automatically generated API docs. Scope Values: identity, edit, flair, history, modconfig, modflair, modlog, modposts, modwiki, mysubreddits, privatemessages, read, report, save, submit, subscribe, vote, wikiedit, wikiread. |
| Parameter | Values | Description |
|---|---|---|
client_id |
The Client ID generated during app registration | Tells reddit.com which app is making the request |
response_type |
code |
Must be the string "code". For implicit grants, see below. |
state |
A string of your choosing | You should generate a unique, possibly random, string for each authorization request. This value will be returned to you when the user visits your REDIRECT_URI after allowing your app access - you should verify that it matches the one you sent. This ensures that only authorization requests you've started are ones you finish. (You may also use this value to, for example, tell your webserver what action to take after receiving the OAuth2 bearer token) |
redirect_uri |
The redirect_uri you have specified during registration | If this does not match the registered redirect_uri, the authorization request will fail. If authorization succeeds, the user's browser will be instructed to redirect to this location. |
duration |
Either temporary or permanent
|
Indicates whether or not your app needs a permanent token. All bearer tokens expire after 1 hour. If you indicate you need permanent access to a user's account, you will additionally receive a refresh_token when acquiring the bearer token. You may use the refresh_token to acquire a new bearer token after your current token expires. Choose temporary if you're completing a one-time request for the user (such as analyzing their recent comments); choose permanent if you will be performing ongoing tasks for the user, such as notifying them whenever they receive a private message. The implicit grant flow does not allow permanent tokens.
|
scope |
A space-separated* list of scope strings | All bearer tokens are limited in what functions they may perform. You must explicitly request access to areas of the api, such as private messaging or moderator actions. See our automatically generated API docs. Scope Values: identity, edit, flair, history, modconfig, modflair, modlog, modposts, modwiki, mysubreddits, privatemessages, read, report, save, submit, subscribe, vote, wikiedit, wikiread. |
| Parameter | Values | Description |
|---|---|---|
grant_type |
authorization_code |
Indicates that you're using the "standard" code based flow. Other values not relevant to this flow are refresh_token (for renewing an access token) and password (for script apps only) |
code |
A string | The code your app retrieved above |
redirect_uri |
The redirect_uri registered to your app | Yes, you need it here again, and yes, it must match exactly. |