chore(client): update new oauth path (#258)

2024-09-24 21:28:54 -04:00 · 2024-09-24 21:28:54 -04:00 · 2d6ac78acf
commit 2d6ac78acf
parent 1e54c639d3
1 changed files with 4 additions and 2 deletions
--- a/src/oauth.rs
+++ b/src/oauth.rs
@ -13,7 +13,7 @@ use tokio::time::{error::Elapsed, timeout};

 static REDDIT_ANDROID_OAUTH_CLIENT_ID: &str = "ohXpoqrZYub1kg";

-static AUTH_ENDPOINT: &str = "https://accounts.reddit.com";
+static AUTH_ENDPOINT: &str = "https://www.reddit.com";

 // Spoofed client for Android devices
 #[derive(Debug, Clone, Default)]
@ -68,7 +68,7 @@ impl Oauth {
 	}
 	async fn login(&mut self) -> Option<()> {
 		// Construct URL for OAuth token
-		let url = format!("{AUTH_ENDPOINT}/api/access_token");
+		let url = format!("{AUTH_ENDPOINT}/auth/v2/oauth/access-token/loid");
 		let mut builder = Request::builder().method(Method::POST).uri(&url);

 		// Add headers from spoofed client
@ -98,6 +98,8 @@ impl Oauth {
 		// Parse headers - loid header _should_ be saved sent on subsequent token refreshes.
 		// Technically it's not needed, but it's easy for Reddit API to check for this.
 		// It's some kind of header that uniquely identifies the device.
+		// Not worried about the privacy implications, since this is randomly changed
+		// and really only as privacy-concerning as the OAuth token itself.
 		if let Some(header) = resp.headers().get("x-reddit-loid") {
 			self.headers_map.insert("x-reddit-loid".to_owned(), header.to_str().ok()?.to_string());
 		}