Reddit oauth2 authentication strategy for passport.js
JavaScript Makefile
Switch branches/tags
Nothing to show
Latest commit f358d10 Jul 10, 2016 @Slotos Slotos committed on GitHub Merge pull request #13 from abdulhannanali/patch-1
remove reddit state opinon line from

Passport-Reddit Build Status Coverage Status

Passport strategy for authenticating with Reddit using the OAuth 2.0 API.

This module lets you authenticate using Reddit in your Node.js applications. By plugging into Passport, Reddit authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.


$ npm install passport-reddit


Configure Strategy

The Reddit authentication strategy authenticates users using a Reddit account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

passport.use(new RedditStrategy({
    callbackURL: ""
  function(accessToken, refreshToken, profile, done) {
    User.findOrCreate({ redditId: }, function (err, user) {
      return done(err, user);

Authenticate Requests

Use passport.authenticate(), specifying the 'reddit' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/reddit', function(req, res, next){
  req.session.state = crypto.randomBytes(32).toString('hex');
  passport.authenticate('reddit', {
    state: req.session.state,
    duration: 'permanent',
  })(req, res, next);

app.get('/auth/reddit/callback', function(req, res, next){
  // Check for origin via state token
  if (req.query.state == req.session.state){
    passport.authenticate('reddit', {
      successRedirect: '/',
      failureRedirect: '/login'
    })(req, res, next);
  else {
    next( new Error(403) );
state option use

Reddit requires state, otherwise erring out. I've decided to opt out of providing default state, since it kills the whole purpose of the flag. If you don't want to use it, provide any string and don't check for it on user return.

Also included is the optional duration parameter, to request a slightly longer authorization. Defaults to temporary (1 hour). Defined in the official Reddit OAuth spec


For a complete, working example, refer to the login example.


$ npm install --dev
$ make test



The MIT License

Original work Copyright (c) 2012-2013 Jared Hanson <>

Modified work Copyright (c) 2013 Dmytro Soltys <>

Modified work Copyright (c) 2013 Brian Partridge <>