Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions src/authsome/auth/bundled_providers/reddit.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{
"schema_version": 1,
"name": "reddit",
"display_name": "Reddit",
"logo": "img.logo.dev/name/reddit",
"description": "Authenticate with Reddit API.",
"auth_type": "oauth2",
"flow": "pkce",
"oauth": {
"base_url": "https://oauth.reddit.com",
"authorization_url": "https://www.reddit.com/api/v1/authorize",
"token_url": "https://www.reddit.com/api/v1/access_token",
"authorization_method": "basic",
"authorization_params": {
"duration": "permanent"
},
"_comment": "Reddit API strictly requires HTTP Basic Auth for token exchanges rather than payload credentials. See: https://github.com/reddit-archive/reddit/wiki/OAuth2#retrieving-the-access-token"

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Switch to jsonc and add comments there

},
"api_url": "https://oauth.reddit.com",
"docs_url": "https://github.com/reddit-archive/reddit/wiki/OAuth2",
"export": {
"REDDIT_ACCESS_TOKEN": "ACCESS_TOKEN"
}
}
11 changes: 8 additions & 3 deletions src/authsome/auth/flows/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -133,15 +133,20 @@ def refresh(
payload: dict[str, str] = {
"grant_type": "refresh_token",
"refresh_token": record.refresh_token,
"client_id": client_id,
}
if client_secret:
payload["client_secret"] = client_secret
auth: tuple[str, str] | None = None
if provider.oauth.authorization_method == "basic":
auth = (client_id, client_secret or "")
else:
payload["client_id"] = client_id
if client_secret:
payload["client_secret"] = client_secret

resp = http_client.post(
provider.oauth.token_url,
data=payload,
headers={"Accept": "application/json"},
auth=auth,
timeout=30,
)
resp.raise_for_status()
Expand Down
18 changes: 13 additions & 5 deletions src/authsome/auth/flows/device_code.py
Original file line number Diff line number Diff line change
Expand Up @@ -195,12 +195,20 @@ async def poll_for_token( # noqa: PLR0912, PLR0913
"grant_type": "urn:ietf:params:oauth:grant-type:device_code",
"device_code": device_code,
}
if client_id:
payload["client_id"] = client_id
if client_secret:
payload["client_secret"] = client_secret
auth: tuple[str, str] | None = None
if provider.oauth.authorization_method == "basic":
auth = (client_id or "", client_secret or "")
else:
if client_id:
payload["client_id"] = client_id
if client_secret:
payload["client_secret"] = client_secret
resp = requests.post(
provider.oauth.token_url, data=payload, headers={"Accept": "application/json"}, timeout=30
provider.oauth.token_url,
data=payload,
headers={"Accept": "application/json"},
auth=auth,
timeout=30,
)
except requests.RequestException as exc:
logger.warning("Token poll request failed: {}, retrying...", exc)
Expand Down
13 changes: 10 additions & 3 deletions src/authsome/auth/flows/pkce.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ async def begin( # noqa: PLR0913

state = secrets.token_urlsafe(32)
auth_params: dict[str, str] = {
**provider.oauth.authorization_params,
"response_type": "code",
"client_id": client_id,
"redirect_uri": redirect_uri,
Expand Down Expand Up @@ -147,17 +148,23 @@ async def _exchange_code( # noqa: PLR0913
"grant_type": "authorization_code",
"code": auth_code,
"redirect_uri": redirect_uri,
"client_id": client_id,
"code_verifier": code_verifier,
}
if client_secret:
payload["client_secret"] = client_secret

auth: tuple[str, str] | None = None
if provider.oauth.authorization_method == "basic":
auth = (client_id, client_secret or "")
else:
payload["client_id"] = client_id
if client_secret:
payload["client_secret"] = client_secret

try:
resp = http_client.post(
provider.oauth.token_url,
data=payload,
headers={"Accept": "application/json"},
auth=auth,
timeout=30,
)
resp.raise_for_status()
Expand Down
2 changes: 2 additions & 0 deletions src/authsome/auth/models/provider.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,12 @@ class OAuthConfig(BaseModel):
#: ``json`` = poll token URL with ``POST`` JSON body ``{"device_code": "..."}`` (e.g. Postiz CLI auth).
device_token_request: Literal["oauth2_form", "json"] = "oauth2_form"
scopes: list[str] = Field(default_factory=list)
authorization_params: dict[str, str] = Field(default_factory=dict)
pkce: bool = True
supports_device_code: bool = False
supports_dcr: bool = False
base_url: str | None = None
authorization_method: Literal["body", "basic"] = "body"

model_config = {"extra": "allow"}

Expand Down
2 changes: 1 addition & 1 deletion uv.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading