How to create a Custom Social Connection for Reddit OAuth login?

I’m trying to configure a Custom Social Connection for adding Reddit OAuth login to my app. When I use the “Try” button to test the connection, the Reddit authorization appears to work but when redirected back to Auth0 I see this error:

{ "error": "invalid_request" }

Authorization URL: https://www.reddit.com/api/v1/authorize

Token URL: https://www.reddit.com/api/v1/access_token

Scope: identity,read,submit,mysubreddits,vote,livemanage

Fetch User Profile Script:

function(accessToken, ctx, cb) {
  request.get('https://oauth.reddit.com/api/v1/me', {
    headers: {
      'Authorization': 'Bearer ' + accessToken
    }
  }, function(e, r, b) {
    if (e) return cb(e);
    if (r.statusCode !== 200) return cb(new Error('StatusCode: ' + r.statusCode));
    var profile = JSON.parse(b).data;
    profile.user_id = profile.id;
    cb(null, profile);
  });
}

Has anybody successfully configured a Reddit custom OAuth connection?

I never configured a Reddit connection, but based on the information you provided and existing documentation about the endpoints in question the invalid_request could point to:

There was an issue with the request sent to /api/v1/authorize

The above in addition with the fact that their authorization endpoint is documented to support a duration parameter that is not contained within the OAuth2 specification may mean that the request is failing because this parameter is not being included.

When you configure a custom OAuth2 connection you can state that additional static parameters need to be sent to the associated authorization endpoint; if you haven’t done so already you can try that approach to ensure the duration parameter is correctly passed and verify if that is the cause of the issue. See the reference documentation on how you can configure the connection to send additional parameters.

Thanks for your reply. Reddit’s duration parameter is optional and has a sane default so I don’t think this is causing the error I’m seeing (I’m able to perform OAuth 2 authentication in the PAW client without that parameter).

I’ve confirmed that adding the static param (duration) does not fix the error.

@andrhamm use the browser developer tools to review the request to the authorization endpoint and also from the authorization endpoint to the Auth0 callback URL. If the redirect already contains an OAuth2 error response this means the issue is the request to authorization endpoint, if not then it points to the exchange of the code at the token endpoint.

Auth0 Concierge program helped me solve this issue. An Auth0 engineer did a screenshare session with me to discuss the problem and helped debug it. It turns out Reddit’s OAuth2 implementation is a bit non-standard in that it requires the client ID and secret to be passed as a basic auth header on the token request as shown here in PassportJS Reddit strategy:

So the solution for implementing a working Custom Social Connection in Auth0 was to pass a static custom header with that value, which can be calculated like so:

$ node
$ function createAuthHeader(redditClientID, redditClientSecret) { return new Buffer(redditClientID + ':' + redditClientSecret).toString('base64'); }
$ createAuthHeader("CLIENT_ID", "CLIENT_SECRET")

And then set in the Custom Headers field for the connection:

{
    "Authorization": "Basic THE_GENERATED_VALUE_FROM_ABOVE"
}
1 Like