I've searched pretty hard for an existing answer to this question because I have a feeling that I've made a stupid mistake, so please let me know if this has been asked already and I haven't found it.

I'm trying to make a little installed app that needs to access the OAuth Reddit API, and since it's installed it has to be by the implicit grant flow.

Here is the process I'm trying to use:

I'm having the user open this URL (private info removed):

https://www.reddit.com/api/v1/authorize?client_id=[client_id]&response_type=token&state=[random_state_data]&redirect_uri=http://localhost:3000&scope=read

But when the user gets redirected after authorizing it goes to a URL that looks like this:

http://localhost:3000/#access_token=[token]&token_type=bearer&state=[random_state_data]&expires_in=3600&scope=read

The problem is that the access token is in a query? string after the fragment identifier (the #), so I can't access it from a server hosted on port 3000. Have I made a mistake with how I handled the authentication? Or is it something more subtle?

Thanks in advance for your help, and let me know if you need more information or I made a mistake in asking this question.

1 Answer

It turns out this is a classic case of missing something in the manual.

In the information about Reddit's Implicit grant flow:

> The response from this request, if successful, will be form encoded into the fragment with the following values:

So it was totally intended behavior that I just didn't pick up on. I guess I'll just have to do some JavaScript magic to get the token from the fragment to my server.

Sorry if I wasted anyone's time.
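
The fragment-to-server hand-off the answer describes, as an added example that is not part of the original post: a page served at the redirect URI parses the fragment, checks `state`, removes the token from the address bar, and posts the result to the local server. The `/token` endpoint and the `oauth_state` sessionStorage key are assumptions, as is a same-origin page having stored the state before the redirect.

```javascript
// Added example. Field names come from the redirect URL shown in the question.
function parseImplicitGrantFragment(hash, expectedState) {
  // location.hash includes the leading '#'; the remainder is form-encoded.
  const params = new URLSearchParams(hash.replace(/^#/, ''));

  // RFC 6749 section 4.2.2.1: a refused request carries `error` in the fragment.
  if (params.has('error')) {
    return { ok: false, reason: 'authorization error: ' + params.get('error') };
  }
  // Reject responses whose state differs from the one sent to /authorize,
  // so a token injected by another page is never accepted.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  const accessToken = params.get('access_token');
  if (!accessToken) return { ok: false, reason: 'missing access_token' };
  if ((params.get('token_type') || '').toLowerCase() !== 'bearer') {
    return { ok: false, reason: 'unexpected token_type' };
  }
  const expiresIn = Number.parseInt(params.get('expires_in'), 10);
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: 'invalid expires_in' };
  }
  const scope = (params.get('scope') || '').split(/[ ,]+/).filter(Boolean);
  return { ok: true, accessToken, expiresIn, scope };
}

// Browser side: runs on the page served at the redirect_uri.
async function handleRedirect() {
  const key = 'oauth_state'; // hypothetical sessionStorage key (assumption)
  const result = parseImplicitGrantFragment(location.hash, sessionStorage.getItem(key));
  // Drop the token from the address bar and this history entry right away.
  history.replaceState(null, '', location.pathname);
  sessionStorage.removeItem(key);
  if (!result.ok) throw new Error(result.reason);
  // '/token' is a hypothetical endpoint on the local server (assumption).
  await fetch('/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(result),
  });
}

// Only start in a browser; under Node the parser can be exercised directly.
if (typeof window !== 'undefined') {
  handleRedirect().catch((e) => console.error(e.message));
}
```

The server should treat the posted token as untrusted input from the browser and keep it out of request logs.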