Skip to content
Pascal Pfiffner edited this page Sep 2, 2016 · 2 revisions

The OAuth2CodeGrant automatically adds a Basic authorization header when a client secret is set. This means that you must specify a client_secret; if there is none (like for Reddit) specify the empty string. There is a RedditLoader example in the OAuth2App sample app for a basic usage example.

If you wish to also get a refresh token, you must add the additional parameters duration: permanent to the auth request. Starting with version 3.0 this can be done via the settings dict, as shown here:

var oauth2: OAuth2CodeGrant = OAuth2CodeGrant(settings: [
    "client_id": "abcxyz",
    "client_secret": "",
    "authorize_uri": "https://www.reddit.com/api/v1/authorize",
    "token_uri": "https://www.reddit.com/api/v1/access_token",
    "scope": "identity",      // comma-separated, not space-separated scopes!
    "redirect_uris": ["oauthapp://oauth/callback"],   // register scheme in Info.plist
    "parameters": ["duration": "permanent"],
])

For Reddit's Application Only OAuth, you don't get a secret for installed apps, which is why you can't use a standard client credentials flow. Use the supplied OAuth2ClientCredentialsReddit class and don't forget to add a device_id.

Clone this wiki locally