Authenticating to Reddit with Python Flask and PRAW

Enable users authenticate to Reddit securely via your Python Application with Oauth

In this article I’ll explain how to let users sign in to their Reddit account from your Python based application using a concept of OAuth. You might be building an API or a web-server that uses Reddit data and you want to enhance the experience by allowing Reddit users to authenticate and provide you their permission. There are numerous ways to allow the user to sign in, the most trusting and secure way is to not touch their credentials at all.

Photo by Jan Kopřiva from Pexels

Requirements

The minimum requirements for this project are:

How does OAuth work?

In basic terms, the user visits your site where they are prompted in some way to sign-in. The sign-in action triggers their browser to redirect to Reddit.com where your web server has asked for permission to their account.

  • Post
  • Delete Comments/Posts
  • Update profile

Setting up a Developer Account

The first step before we can begin is to register an application with Reddit. This is easily done with any Reddit account. I recommend for testing you use a throw-away account just in case you perform an action that gets your account banned or muted.

Select User Settings from top-right menu
Select the Safety & Privacy tab
Select Manage third-party authorization
Click create an app
Create a Web App and use http://localhost:8080 as redirect URI
Record your Client ID (Next to icon) and Client Secret

Setting up Flask and PRAW

Using your IDE/Editor of choice create a new work space and a single python file called main.py

Our initial setup

Your first route

We now want to create our index route, this is the first route users will hit when they visit our web-server. Just below your previous code add the following:

Prompt the user to authenticate
  1. Otherwise, we return HTML that will direct the user to the route to authorize our application. We send them a link to another endpoint we’ll create next called /authorize.

Prepare for Authorize

Below your previous route, create a new route pointing at /authorize. Here we will setup the scopes/permissions we want from the user and format a URL to redirect the user to Reddit.

Authorize Route

The Callback

This route will handle the process after the user has approved the request. Reddit will send the user to this endpoint with an authorization code and our UUID.

Callback Route
  • Code — this is an authorization code from Reddit
  • Error — any errors Reddit has encountered with our request

The Process in Action

The user visits our site, they haven’t authenticated so they are presented the with the following:

The user has the option to sign in
Here we can approve or deny the request
Woohoo! it works…

What’s Next?

You should now create a route to clear the session. The below example clears the session but does not relinquish permissions for the user.

Clear the session data
  • Build a utility to delete comments
  • A application to schedule posts
  • An auto reply bot

Other things to improve on:

  1. Store the token in session so when the user returns they don’t need to re-approve permissions (we already have permission, we just lose the token).
  2. Let the user revoke permissions from our end.
  3. Use HTTP requests instead of PRAW — Future project

Consultant, Design Engineer working in Finance, interested in learning new things and sharing what I know.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store