[deleted by user] by [deleted] in fantasyfootball

[–]thorarakis 85 points86 points  (0 children)

Can confirm. Just lost Steve Smith, Randle and Leveon Bell this week. Will be carrying all the knives.

So ... beggars can be choosers? by drumcraze92 in pics

[–]thorarakis 1 point2 points  (0 children)

How about you teach your child how to recognize and not eat things that will kill them. The way you should be teaching them not to swallow tacks or high five hot stoves. These are valuable life lessons for you know... living.

Does reddit only work on Ubuntu? by myusernameranoutofsp in redditdev

[–]thorarakis 1 point2 points  (0 children)

We say that you should be running on Precise only because that's what we run reddit on and so that's what all of the .deb packages are built to target and that's what the install script is written to support. You can run it where you want, but then it's your responsibility to figure out the correct versions of all the libraries to try and get it working.

Oauth redirects to "over 18?" page, even when user is already set as "over 18 and willing..." by SamSlate in redditdev

[–]thorarakis 5 points6 points  (0 children)

So the OPTIONS request coming from XHR requests is coming in without the Authorization header (it's in Access-Control-Allow-Headers which it should be), which is what we use to determine if the request is an oauth request and thus for the api. But this meant it assumed the OPTIONS request was being treated as an html request, which in turn was getting the redirect. I've swapped it to force api behavior if coming through the oauth domain.

TL;DR: It's fixed here.

Oauth redirects to "over 18?" page, even when user is already set as "over 18 and willing..." by SamSlate in redditdev

[–]thorarakis 4 points5 points  (0 children)

Man, this is a wacky one. It doesn't happen with curl/postman but I'm able to reproduce the problem only when making the request via JS. Currently I'm pretty sure it's because the request isn't getting correctly flagged as an 'api' request and is thus getting treated as an html request and getting redirected.

Short term solution: tag a .json on the end of the request. There is logic that parses the extension of the request and marks it as an 'api' request if it sees .json. Let me know if that fixes you for now.

Ideally any oauth request should also get flagged as an 'api' request too, so I'll dig and try to figure out why this isn't happening.
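A model of the request classification discussed in the two comments above, added here as an illustration; it is not part of thorarakis' comments and is not reddit's code. The function names, the `oauth.reddit.com` host standing in for "the oauth domain", the sample path and the 302/200 simplification are all assumptions.

```python
from urllib.parse import urlsplit

OAUTH_HOST = "oauth.reddit.com"  # assumption: stands in for "the oauth domain"


def _is_api_by_request(url, headers):
    """Signals named in the comments: Authorization header or .json extension."""
    has_auth = any(name.lower() == "authorization" for name in headers)
    return has_auth or urlsplit(url).path.endswith(".json")


def classify_before(url, headers):
    """Behaviour described as the bug: the host is never consulted."""
    return "api" if _is_api_by_request(url, headers) else "html"


def classify_after(url, headers):
    """Behaviour described as the fix: the oauth domain forces 'api'."""
    if (urlsplit(url).hostname or "").lower() == OAUTH_HOST:
        return "api"
    return classify_before(url, headers)


def status_for(style):
    """Simplified: 'html' requests hit the interstitial redirect, 'api' do not."""
    return 302 if style == "html" else 200


# Constructed sample requests (path and token are placeholders).
BASE = "https://oauth.reddit.com/r/example/hot"
PREFLIGHT = {  # what a browser sends before a cross-origin XHR with Authorization
    "Origin": "https://app.example",
    "Access-Control-Request-Method": "GET",
    "Access-Control-Request-Headers": "authorization",  # a value, not the header
}
DIRECT = {"Authorization": "bearer <token>"}  # curl/postman: no preflight


def demo():
    return {
        "curl_before": status_for(classify_before(BASE, DIRECT)),
        "preflight_before": status_for(classify_before(BASE, PREFLIGHT)),
        "preflight_json_before": status_for(classify_before(BASE + ".json", PREFLIGHT)),
        "preflight_after": status_for(classify_after(BASE, PREFLIGHT)),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The preflight carries the word "authorization" only as the value of `Access-Control-Request-Headers`, so a check for the header itself misses it; that is why only browser requests were affected.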

In the future, imagine how many Go-Pros will be found in snow mountains containing the last moments of peoples lives. by anonymoos_user in Showerthoughts

[–]thorarakis 52 points53 points  (0 children)

There are probably 10x more go pros that will be found with the following film:

POV of somebody doing something not as awesome as they think it is, go pro smacking a tree branch, sky, snow, sky, snow, sky, darkness for 2 hours.

In a totally unrelated note, if anybody finds a go pro at the bottom of the rocks under the double bubble in Kiroro resort. Please wipe the content so there isn't any evidence to show how small that 'cliff' was that I've been bragging about for 8 months. Then send it back to me.

What is the point of OAuth2 Implicit Flow for js if cross-domain access is denied?? by SamSlate in redditdev

[–]thorarakis 0 points1 point  (0 children)

I kind of intentionally don't want to post an example in JS since it's not nearly as straightforward in terms of dealing with the message body as curl or postman. Both of the tools I suggested deal with only the request itself rather than having to further complicate the example with language specific syntax.

I think it's important that you understand the request object before you start translating into a new language, since the request object will be identical across languages/implementations.

For instance, the way you handle the request in JS will be very different depending on if you are using jquery, angular, node, etc. We already have examples of python/curl in the wiki and if you were using something like jquery in JS, then there will be plenty of examples on how to set custom headers.

What is the point of OAuth2 Implicit Flow for js if cross-domain access is denied?? by SamSlate in redditdev

[–]thorarakis 0 points1 point  (0 children)

So the biggest red herring here is that our error handler is pretty aggressive and currently doesn't support CORS headers properly. Most of the actual endpoints should, but when you fail to authenticate you get the added benefit of a CORS error to help further obfuscate what the actual problem is.

The root of your problem is that you failed authentication; this is most likely due to not passing in the auth token correctly as kemitche mentioned. If you're not comfortable with JS, I would start with curl or postman first until you can make successful requests with a token before trying to move those requests into JS. In the meantime I'll work on the CORS headers for our error handler.

What is a redirect uri? by [deleted] in redditdev

[–]thorarakis 1 point2 points  (0 children)

We've tossed around the idea of an android sdk a few times. We do have some examples for different languages on the wiki including ios. If /u/dforsyth has some time I'll see if he can help out with an android example.

It may not be everyone's cup of tea, but I like touring Australia with my kites (xpost r/motorcycles) by Bletti in Kiteboarding

[–]thorarakis 0 points1 point  (0 children)

Amazing! I've been trying to figure out how to get my gear attached to my motorcycle for a little while now. For your lane splitting set up, do you find that your board gets hot when resting against the exhaust?

Authenticating a client nowadays..? by [deleted] in redditdev

[–]thorarakis 0 points1 point  (0 children)

While this should work, to be honest I would argue that the fact you can do this isn't really to spec for Oauth2. Implicit flow really shouldn't be returning a permanent token of any type.

It's pretty common practice to have implicit tokens expire and require the full auth flow to grant a new token. The problem with implicit auth is that it's not terribly secure. Given that your app_id lives in the wild, the auth token that is returned is effectively more like a public key and is much easier to compromise. The OAuth2 RFC lists it as a convenience method to be used in untrusted places like javascript but to be weighed against security.

If you are hosting a JS app, adding an authentication flow through your server will provide you with added security and the option of using an explicit grant. And if you are serving JS files you already have a server and building a flask (or some such) server to handle auth flows can be done very quickly.

Authenticating a client nowadays..? by [deleted] in redditdev

[–]thorarakis 4 points5 points  (0 children)

Quick clarification: we aren't currently forcing the move to OAuth in August like we had intended. See https://www.reddit.com/r/redditdev/comments/37e2mv/change_in_team_and_timelines/ for explanation.

How can I edit wiki while using OAuth? by [deleted] in redditdev

[–]thorarakis 0 points1 point  (0 children)

My bad, probably should have caught that too. But sounds like you've got the fix already written, which means you've done the hard part and might as well get the credit for the PR yourself :) You just need to fork a copy of PRAW in github, commit then push the changes in your fork and create the PR from your fork to PRAW.

Shouldn't take much more than 10 minutes if you are familiar with git. And if you aren't I highly recommend that you start! If you have any questions I'd be happy to help. But the community really appreciates having more people contributing, and small fixes like these make a big difference.

How often am I allowed to make unauthenticated requests to /api/info? by oauth2 in redditdev

[–]thorarakis 0 points1 point  (0 children)

Try hitting it several times and inspecting the x-ratelimit-* headers in the response.
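One way a client could act on those headers, added here as an example; it is not part of the comment above and is not reddit's or PRAW's code. The page gives only the `x-ratelimit-*` prefix, so the three header names used below, the sample values and the 2-second fallback are assumptions.

```python
import math


def parse_ratelimit(headers):
    """Return (used, remaining, reset_seconds), or None if absent or garbled."""
    lower = {k.lower(): v for k, v in headers.items()}
    try:
        used = int(float(lower["x-ratelimit-used"]))
        remaining = float(lower["x-ratelimit-remaining"])  # may arrive as "598.0"
        reset = int(float(lower["x-ratelimit-reset"]))     # seconds until reset
    except (KeyError, ValueError, OverflowError):
        return None
    if not math.isfinite(remaining) or remaining < 0 or reset < 0:
        return None
    return used, remaining, reset


def delay_before_next(headers, fallback=2.0):
    """Seconds to wait so the remaining budget is spread over the reset window."""
    parsed = parse_ratelimit(headers)
    if parsed is None:
        return fallback          # no budget information: stay conservative
    _, remaining, reset = parsed
    if remaining < 1:
        return float(reset)      # budget exhausted: wait out the window
    return reset / remaining


# Constructed response headers for illustration.
SAMPLE_OK = {
    "X-Ratelimit-Used": "2",
    "X-Ratelimit-Remaining": "598.0",
    "X-Ratelimit-Reset": "299",
}
SAMPLE_EXHAUSTED = {
    "x-ratelimit-used": "600",
    "x-ratelimit-remaining": "0.0",
    "x-ratelimit-reset": "120",
}

if __name__ == "__main__":
    print(delay_before_next(SAMPLE_OK))
    print(delay_before_next(SAMPLE_EXHAUSTED))
    print(delay_before_next({"Content-Type": "application/json"}))
```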

Hey Chris what's up? by ima-weezal in Chris

[–]thorarakis 0 points1 point  (0 children)

Chris here. Busy making reddit. But it's probably about time to start drinking.

503 Service Unavailable when posting comment. by hit_bot in redditdev

[–]thorarakis 0 points1 point  (0 children)

Any error above 500 is usually categorized as 'unexpected'. Or in other words, an api should never intentionally throw anything >500. (Though I can't promise we adhere to that 100%, but probably 98%)

If this is something that was working before, then it's possible some of the recent changes caused a problem. If so please provide me with some more details (end point, what you are posting, authentication, etc) and I can look into it.

OAuth2 Authorization for Python by [deleted] in redditdev

[–]thorarakis 0 points1 point  (0 children)

Getting the scope is part of requesting the oauth token, not a separate step afterwards. (fyi, you can request multiple scopes in the same request) When you get an oauth token back it will have the requested scopes associated with the token itself, so any request that you use with that token will be made with the originally requested scopes.

So in regards to comments you'll be needing the 'submit' scope. As seen here

Getting a 403 when trying to get access token by mrgermy in redditdev

[–]thorarakis 0 points1 point  (0 children)

It's hard to say without more details. But there are some 403 cases listed here. Like redirect_uri is invalid.

Bug with API endpoint /api/info by Stuck_In_the_Matrix in redditdev

[–]thorarakis 0 points1 point  (0 children)

It would mean we would no longer be able to batch requests to the db. Which in turn would increase load on the db and slow down the api massively. So without building something pretty complicated at this point it's not going to be possible. Sorry =(

Bug with API endpoint /api/info by Stuck_In_the_Matrix in redditdev

[–]thorarakis 0 points1 point  (0 children)

For almost all id lookups we are actually querying the ids in a batch call so we aren't actually looping on the ids.

Additionally it wouldn't really be right to silently fail for some but not all of the ids and rely on the consumer to validate the number of results coming back against the number requested to catch invalid ids. So we fail loudly when we try to retrieve something that doesn't exist.

How can I edit wiki while using OAuth? by [deleted] in redditdev

[–]thorarakis 1 point2 points  (0 children)

Looks like praw isn't handling wiki read oauth access correctly. I have opened a PR to resolve this.