glance icon indicating copy to clipboard operation
glance copied to clipboard
verified publisher icon glanceapp

Optional OAuth2 configuration for the Reddit widget

Open s0ders opened this issue 9 months ago • 8 comments

Description

It is a known issue that, when self-hosting Glance, Reddit will block network calls to its endpoints. A potential workaround mentionned in the documentation is the use of a proxy but it is not always a feasible or optimal solution.

An other way of working around this issue is, as mentioned in this issue, to register an app on Reddit (which takes about two clicks), and use the client ID and secret to have a free and functional access to the Reddit API (using oauth.reddit.com instead of www.reddit.com) even from an instance hosted on a VPS.

This would require adding new optional configuration properties to the Reddit widget such as: app-client-id, app-secret, app-name. If these three configurations are found for a Reddit widget configuration, an access token is fetched and oauth.reddit.com endpoints are used instead of www.reddit.com.

# Example configuration for the Reddit widget using client ID and secret
widgets:
  - type: reddit
    subreddit: technology
    show-thumbnails: true
    app-name: ${REDDIT_APP_NAME} # Values stored in a .env
    client-id: ${REDDIT_APP_CLIENT_ID}
    client-secret: ${REDDIT_APP_SECRET}

Given that app-secret and app-client-id are secret values, they can be stored in a .env file and populated at runtime.

Implementing this is fairly straightforward and I have already forked the repository to make a simple implementation of that feature.

Please let me know if this is something that you are considering adding to this project or if it is out of scope.

s0ders avatar Mar 24 '25 16:03 s0ders

I was scratching my head over this and your open issue was the first result. This looks like a neat solution, hopefully this feature will get picked up.

tonylaw7 avatar Mar 26 '25 03:03 tonylaw7

I think you should create a pull request for it. At least I will like to get this feature without using that proxy solution. Thanks a lot man for implementing this

Nirzak avatar Mar 27 '25 21:03 Nirzak

Thanks for your replies. Will submit a PR for this today.

s0ders avatar Mar 28 '25 08:03 s0ders

Thanks for the PR, useful.

And I can confirm that the corresponding PR is working fine (i was also encountering these 403 errors, as i deployed glance in a dedicated server (OVH datacenters)).

Just two remarks :

  • the documentation could be a little bit more precise, about creating the reddit app :
    • "web app" type
    • about URL can be blank + redirect URI has to be filled, but anything can be put (https://glance.mydomain.tld, etc.)
  • ideally speaking the configuration in glance.yaml should be declared only once for reddit as a whole, and not one time per subreddit (ok, it's duplicated and just 4 lines, but i'm not sure it makes a lot of sense to have this kind of configuration duplicated several times)

SR-G avatar May 25 '25 00:05 SR-G

@SR-G You can use YAML anchors and aliases to avoid duplication:

define: &shared-properties
  type: reddit
  app-name: ${REDDIT_APP_NAME}
  client-id: ${REDDIT_APP_CLIENT_ID}
  client-secret: ${REDDIT_APP_SECRET}
  comments-url-template: https://redlib.fly.dev/{POST-PATH}

Each subreddit widget references this with <<: *shared-properties, so OAuth credentials are declared once and shared across all subreddit widgets. You can see a full example https://github.com/Owloops/flyo/blob/main/apps/glance/glance.yml.template#L51-L56

pgagnidze avatar Aug 12 '25 19:08 pgagnidze

@pgagnidze Thanks, good to know...

Sadly for now i'm not able to have this working (i put exactly your config / i have no errors in the logs at start time, etc., but the 403 are back).

Especially i'm not sure how the link can be done between the shared properties names and the previous configuration

For example, before i had :

              - type: reddit
                subreddit: golang
                show-thumbnails: true
                app-auth:
                  name: ${REDDIT_APP_NAME}
                  id: ${REDDIT_APP_CLIENT_ID}
                  secret: ${REDDIT_APP_SECRET}

but in your shared properties you have "client-id", etc. : how can this be mapped to "app-auth"."id" ? Or is there the need of a very recent GLANCE version ? (i'm using the regular latest official docker image)

SR-G avatar Aug 14 '25 10:08 SR-G

@SR-G You can probably still use YAML anchors:

  define: &reddit-auth
    app-auth:
      name: ${REDDIT_APP_NAME}
      id: ${REDDIT_APP_CLIENT_ID}
      secret: ${REDDIT_APP_SECRET}

  widgets:
    - type: reddit
      subreddit: golang
      show-thumbnails: true
      <<: *reddit-auth

It worked initially, but I also started having 403 errors. Reddit might still be rate-limiting requests, I am considering reducing the subreddits.

edit: Apologies about the confusion with the property names. I was testing the YAML anchors and left them there. I switched to app-auth again in the latest version.

pgagnidze avatar Aug 14 '25 10:08 pgagnidze

Ah, yes, here i understand how it can work ;) Thanks, have just put that in place, it's working on my side now (and no 403 errors, as i don't have a lot of subreddits anyway (less than 10)).

SR-G avatar Aug 14 '25 16:08 SR-G