top | item 36331968

(no title)

keneda7 | 2 years ago

>You've hidden a subtle semantic shift here. This discussion is centered around personal use, yet you're drawing a line outside commercial use as if they were the same thing.

Claiming this is about personal use is the semantic shift not what I said. You are trying to shift back to that because you know if you have a good faith discussion you have no legs to stand on. The reddit changes target commercial use plain and simple.

If you create an app that loads reddit content from its APIs for only you to use, these changes are going to have very little no effect on you. That app would be personal use and if you incurred charges for your API use they would be very small (or you are abusing or spamming the API which both are against its terms of use).

The most public part of this has probably been the Apollo dev vs reddit. Apollo is commercial. Using Apollo to browse reddit used the Apollo API key not your accounts API key. The crazy charges the Apollo dev listed are due to tens (hundreds) of thousands of reddit users using the Apollo API key to access reddit. That is not personal use. That is a commercial entity using its own API key to access reddit's API.

discuss

AlotOfReading|2 years ago

> If you create an app that loads reddit content from its APIs for only you to use, these changes are going to have very little no effect on you.

This isn't correct. The API restrictions are per client id, so your app must be limited to you specifically. Having different accounts that share a client id is the whole purpose of Oauth. It's entirely orthogonal to commercial use. The changes affect everything from moderation bots to non-commercial clients to archival services and everything else.

keneda7|2 years ago

>This isn't correct. The API restrictions are per client id, so your app must be limited to you specifically.

It is exactly correct. I said you build an app for ONLY YOU TO USE. You can still use multiple reddit accounts that you control but no one else is using your API key. Or put another way, you register an API key and then grant that API key access to all your reddit accounts (using OAuth most likely). No other persons reddit account would be using your API Key.

Also that is not the whole purpose of OAuth. You have been able to attach multiple accounts to a single clientId for decades. There are still plenty of sites using SAML that have multiple user accounts tied to one clientId. In fact you can very simply do this today without OAuth. Make a table called clients that owns a table called users. Any user that logs in will have a record in the users table you look up using their userId and then look at the clientid or apikey attached to the parent client record. Then use the clientId/apikey to access any resources you need.

OAuth is delegate authorization framework. Its purpose was to give users the ability to give a system limited access to their data without giving that system their password. It allows you to seperate Authentication and Authorization. Here is a good link to learn about OAuth: https://developer.okta.com/blog/2017/06/21/what-the-heck-is-...