I’m excited to be working on a side project again, even if I can only put a couple hours into it for some weeks. However, this has been a nice change of pace from work as I can do whatever the fuck I feel like. That being said let me show you how I handled obtaining a refresh token.
So this will be a small guide, but we need to go over my stack and how to obtain initial credentials.
Here’s what I am using:
- Python 3.9.10
- PRAW (The Python Reddit API Wrapper) Library
- Reddit Account
So if you know a bit about APIs, especially third party they are strict about having users just access the data without any paper trail to who uses it. So you’ll need to visit here to get credentials for API access.
I used the 8080 localhost as I am not using any other machine to access these credentials outside of my personal laptop. This could be different for you if you’re pulling temporary credentials for a service.
After filling out the fields, click
create app you’ll receive a client id and secret.
Note: The client id will be under the “personal use script” text, not immediately obvious looking at the new box.
After collecting all credentials I would run a quick Python script or open up a terminal to test the credentials based on this documentation. Once this is successful then it’s onto getting the refresh token using the current credentials. I emphasize using a refresh token as having personal user account password in any application is a security risk, and could result in loss/abuse of the account. Another major benefit is that we can control permissions for the token based on what we pass in for the authorization URL. This will limit to what the credentials can do for each call, which is a best security practice.
Now let’s grab the refresh token that I followed from this guide, which is pretty self-explanatory to use. I wanted to make a small process for this that’ll be specific for my project and can be run with a quick make target.