-
Notifications
You must be signed in to change notification settings - Fork 279
Pascal Pfiffner edited this page Sep 2, 2016
·
2 revisions
The OAuth2CodeGrant
automatically adds a Basic authorization header when a client secret is set.
This means that you must specify a client_secret; if there is none (like for Reddit) specify the empty string.
There is a RedditLoader example in the OAuth2App sample app for a basic usage example.
If you wish to also get a refresh token, you must add the additional parameters duration: permanent
to the auth request.
Starting with version 3.0 this can be done via the settings dict, as shown here:
var oauth2: OAuth2CodeGrant = OAuth2CodeGrant(settings: [
"client_id": "abcxyz",
"client_secret": "",
"authorize_uri": "https://www.reddit.com/api/v1/authorize",
"token_uri": "https://www.reddit.com/api/v1/access_token",
"scope": "identity", // comma-separated, not space-separated scopes!
"redirect_uris": ["oauthapp://oauth/callback"], // register scheme in Info.plist
"parameters": ["duration": "permanent"],
])
For Reddit's Application Only OAuth, you don't get a secret for installed apps, which is why you can't use a standard client credentials flow.
Use the supplied OAuth2ClientCredentialsReddit
class and don't forget to add a device_id
.