Cannot authorise with reddit via oauth2

Question

I am trying to implement oauth2 with reddit and im running into problems at every step of the way, i was using an oauth library for codeigniter but that wouldnt work, so i decided to scrap it and try to do it myself.

this is the authorize request, if im not logged in on reddit i get the login page, if i am or after logging in i get an error.

https://ssl.reddit.com/api/v1/authorize?response_type=code&client_id=myclientid&scope=identity&redirect_uri=http%3A%2F%2Fmydomain.com%2Fregister

and it redirects me back to here:

mydomain.com/register?state=None&error=invalid_request

i cant find any useful documentation on the Reddit oauth implementation.

Answer 1

There's a little bit about reddit's OAuth2 on the github wiki for reddit's source. It appears you're missing the state parameter in the initial request.

state - You can pass a value into the authorization page that will be included in the redirect back to you if the user grants access. This is useful for preventing cross-site request forgery (CSRF). By choosing (and remembering) a sufficiently random value, you can ensure that the request that comes back to your site was initiated by visiting the authorization URL you generated.

(The quoted wiki info is incorrect in that state is actually required; I'll update the wiki shortly)