There's a little bit about reddit's OAuth2 on the github wiki for reddit's source. It appears you're missing the state
parameter in the initial request.
state - You can pass a value into the authorization page that will be included in the redirect back to you if the user grants access. This is useful for preventing cross-site request forgery (CSRF). By choosing (and remembering) a sufficiently random value, you can ensure that the request that comes back to your site was initiated by visiting the authorization URL you generated.
(The quoted wiki info is incorrect in that state
is actually required; I'll update the wiki shortly)