Add environment-variable cookie auth (no browser profile access)#17
Open
chongheado wants to merge 1 commit into
Open
Add environment-variable cookie auth (no browser profile access)#17chongheado wants to merge 1 commit into
chongheado wants to merge 1 commit into
Conversation
Reddit (2026) now blocks anonymous .json access behind a browser JS anti-bot challenge, and self-service OAuth app registration is closed, so a browser-established cookie is required. This lets users supply that cookie themselves β WITHOUT the tool reading their browser profile files β via environment variables, and demotes browser extraction to a last resort. Credential chain is now: env β saved file β browser (browser kept, last). Environment variables (read fresh each run, never persisted to disk): - RDT_COOKIE : full raw Cookie header (most robust; whole session set) - RDT_SESSION : reddit_session value (convenience) - RDT_MODHASH : optional modhash (enables write actions) Public/read-only commands also no longer silently extract browser cookies (optional_auth passes allow_browser=False; anonymous runs don't browser-refresh on session expiry), so setting RDT_COOKIE β or nothing β never touches the browser for public browsing. - auth.py: parse_cookie_header(), extract_env_credential(), get_credential(allow_browser=...) chain (env-first, browser-last) - session.py: anonymous token_v2 cookie counts as read-capable - commands: optional_auth() never extracts browser; status/login/ require_auth messages point users to RDT_COOKIE - README: env-var auth section + step-by-step "get your cookie" guide - tests: test_env_credential.py, test_public_no_browser.py, conftest env isolation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds an environment-variable credential source so rdt-cli can authenticate without reading the local browser's cookie database.
Credential priority is now env β saved file β browser (browser extraction is kept, but demoted to a last resort):
RDT_COOKIEβ full rawCookieheader (most robust; carries the whole session set)RDT_SESSION(+ optionalRDT_MODHASH) β convenience for just the session cookie / write capabilityEnv credentials are read fresh each run and are never written to disk. Public/read-only commands also no longer silently trigger browser cookie extraction, so setting
RDT_COOKIE(or nothing at all) never touches the browser.Why
Reddit now blocks anonymous
.jsonaccess, so a browser-established session cookie is required. Some users and environments (CI, servers, privacy-conscious setups) don't want the tool reading their local browser profile files. Supplying the cookie via an env var solves this without changing the tool's architecture.Testing
python -m pytest -qβ 146 passed, 66 deselected (addstests/test_env_credential.pyβ 16 tests;tests/conftest.pyisolatesRDT_*from the test runner's env)ruff check .β cleanRDT_COOKIE(no browser launched, no profile files read):rdt status --jsonβ"authenticated": true, "source": "env"rdt whoamiβ resolves the accountrdt popular -n 5β returns real postsDocs
README gains an environment-variable auth section and a step-by-step "get your cookie" guide.