Reddit authentication strategy for Passport.


Passport strategy for authenticating with Reddit using the OAuth 2.0 API.

This module lets you authenticate using Reddit in your Node.js applications. By plugging into Passport, Reddit authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

$ npm install passport-reddit

The Reddit authentication strategy authenticates users using a Reddit account and OAuth 2.0 tokens. The strategy requires a verify callback, which accepts these credentials and calls done providing a user, as well as options specifying a client ID, client secret, and callback URL.

passport.use(new RedditStrategy({
    callbackURL: ""
  function(accessTokenrefreshTokenprofiledone) {
    User.findOrCreate({ redditId: }, function (erruser) {
      return done(err, user);

Use passport.authenticate(), specifying the 'reddit' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.get('/auth/reddit', function(reqresnext){
  req.session.state = crypto.randomBytes(32).toString('hex');
  passport.authenticate('reddit', {
    state: req.session.state,
    duration: 'permanent',
  })(req, res, next);
app.get('/auth/reddit/callback', function(reqresnext){
  // Check for origin via state token 
  if (req.query.state == req.session.state){
    passport.authenticate('reddit', {
      successRedirect: '/',
      failureRedirect: '/login'
    })(req, res, next);
  else {
    next( new Error 403 );

Notice the state option use Reddit requires state, otherwise erring out. I've decided to opt out of providing default state, since it kills the whole purpose of the flag. If you don't want to use it, provide any string and don't check for it on user return. If you think this is a stupid requirement, fill an issue with reddit. Once they remove it, this middleware will simply work.

Also included is the optional duration parameter, to request a slightly longer authorization. Defaults to temporary (1 hour). Defined in the official Reddit OAuth spec

For a complete, working example, refer to the login example.

$ npm install --dev
$ make test

The MIT License

Original work Copyright (c) 2012-2013 Jared Hanson <>

Modified work Copyright (c) 2013 Dmytro Soltys <>

Modified work Copyright (c) 2013 Brian Partridge <>