@prmichaelsen
Created March 11, 2026 15:40
Reddit OAuth Usecase for agentbase.me

What I'm Building

I'm building reddit-mcp — an MCP (Model Context Protocol) server that integrates Reddit API with AgentBase.me, a secure multitenant chat platform. This enables AI agents on AgentBase to interact with Reddit on behalf of authenticated users.

GitHub: https://github.com/prmichaelsen/reddit-mcp

What it does:

  • AI agents on AgentBase can browse subreddits, search Reddit, read comments
  • AI agents can post, comment, vote, save content on behalf of the authenticated user
  • AI agents can manage messages, moderate subreddits, edit wiki pages
  • Implements 88 Reddit API endpoints as MCP tools

Technical architecture:

  • MCP server designed for multitenant deployment (not in-platform Reddit app)
  • Integrates with AgentBase.me's secure mcp-auth infrastructure
  • Uses JWT scheme + credentials pattern (fetch OAuth token) — same pattern AgentBase uses for YouTube (youtube-mcp), Instagram, etc.
  • Factory export (./factory) that accepts access tokens from AgentBase's OAuth proxy
  • TypeScript/Node.js, deployed on Google Cloud Run (independent infrastructure)

Example use case:

A user on AgentBase.me connects their Reddit account via OAuth. They can then ask their AI agent:

  • "Check what's trending on r/typescript today"
  • "Post this code snippet to r/learnprogramming with the title..."
  • "Reply to my unread messages on Reddit"
  • "Help me moderate r/mysubreddit — show me the mod queue"

AgentBase handles OAuth flow centrally; reddit-mcp receives pre-authenticated tokens via the factory pattern.


Why Devvit Cannot Support This Use Case

Devvit is for in-platform apps, not external integrations:

1. Deployment Model

  • Devvit: Apps are uploaded via devvit upload and run on Reddit's infrastructure
  • reddit-mcp: Runs on independent infrastructure (Google Cloud Run) as a multitenant MCP server, integrated with AgentBase.me via mcp-auth (similar to their YouTube, Instagram integrations)

2. User Authentication

  • Devvit: Uses Reddit's built-in session context — apps inherit the logged-in user automatically
  • reddit-mcp: Uses OAuth authorization code flow via AgentBase's mcp-auth proxy — users authorize Reddit on AgentBase.me, tokens are passed to reddit-mcp via factory pattern

3. Multi-User Support

  • Devvit: Each app instance is tied to Reddit's platform; auth is implicit
  • reddit-mcp: Multitenant architecture — supports any AgentBase user connecting their Reddit account via OAuth, with per-user token isolation

4. Integration Ecosystem

  • Devvit: Integrates with Reddit UI (custom posts, menu actions, forms)
  • reddit-mcp: Integrates with AgentBase.me's AI agent platform via MCP protocol, alongside existing GitHub, Instagram, YouTube integrations

5. Independence

  • Devvit: Apps run in Reddit's sandbox — cannot be used outside Reddit
  • reddit-mcp: External MCP server that connects AgentBase's AI agents to Reddit API, runs on independent infrastructure (Google Cloud Run), integrates with AgentBase via mcp-auth

Why I Need OAuth API Access (Not Script Apps)

Script Apps Won't Work

Reddit's "script" application type uses password grant flow:

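import praw

# Script-app (password grant) login: the tool itself must hold the user's password.
reddit = praw.Reddit(
    username="myuser",
    password="mypassword",
    client_id="...",
    client_secret="...",
    user_agent="..."  # PRAW also requires a user agent string
)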

Problems:

  1. Single-user only: Script apps only work for the account that owns the app
  2. Security: Users must share their password with the tool (unacceptable)
  3. 2FA breaks it: 2FA tokens expire hourly, requiring re-authentication
  4. Can't support multiple users: Each user running reddit-mcp would need their own app registration

OAuth Authorization Code Flow Is Required

For a multi-user external tool, OAuth 2.0 authorization code flow is the only option:

  1. User authorizes via Reddit's UI (redirects to reddit.com, user approves scopes)
  2. No password sharing — users never give credentials to my tool
  3. Refresh tokens — long-lived access without re-authentication
  4. Multi-user support — any Reddit user can connect their account
  5. Granular scopes — users see exactly what permissions they're granting

My current implementation (src/auth/oauth.ts in the repo):

  • ✅ Authorization code flow with PKCE
  • ✅ Automatic token refresh (5-min buffer before expiry)
  • ✅ Secure token storage (mode 0o600)
  • ✅ Per-user token isolation (can be extended for multi-tenant deployments)
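
The mechanisms in the checklist above (PKCE with the S256 method, the 5-minute refresh buffer, and per-user token files written with mode 0o600), as an added example that is not the code in src/auth/oauth.ts. The `StoredToken` shape, the function names and the one-file-per-user layout are assumptions made for illustration.

```typescript
import { createHash, randomBytes } from "node:crypto";
import { chmodSync, mkdtempSync, statSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

// Hypothetical token record; field names are assumptions, not the repo's.
interface StoredToken { accessToken: string; refreshToken: string; expiresAt: number }

const REFRESH_BUFFER_MS = 5 * 60 * 1000; // the 5-minute buffer from the checklist

// base64url without padding, as RFC 7636 requires.
function b64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// 32 random bytes give a 43-character verifier (RFC 7636 allows 43 to 128).
function newVerifier(): string {
  return b64url(randomBytes(32));
}

// S256 method: challenge = BASE64URL(SHA256(ASCII(verifier))).
function pkceChallenge(verifier: string): string {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Refresh while the token is still valid but inside the buffer window.
function needsRefresh(token: StoredToken, now: number = Date.now()): boolean {
  return token.expiresAt - now <= REFRESH_BUFFER_MS;
}

// One file per user; the id check keeps a crafted id from escaping `dir`.
function saveToken(dir: string, userId: string, token: StoredToken): string {
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(userId)) throw new Error("invalid user id");
  const file = join(dir, `${userId}.json`);
  writeFileSync(file, JSON.stringify(token), { mode: 0o600 });
  chmodSync(file, 0o600); // `mode` only applies on create; enforce it on overwrite too
  return file;
}

// Constructed demo: store a token for "alice" in a temp dir, return the file's mode bits.
function demoStoredMode(): number {
  const dir = mkdtempSync(join(tmpdir(), "reddit-mcp-example-"));
  const token = { accessToken: "constructed", refreshToken: "constructed", expiresAt: 0 };
  return statSync(saveToken(dir, "alice", token)).mode & 0o777;
}
```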

Comparison: Devvit vs reddit-mcp

| Feature | Devvit | reddit-mcp (my tool) |
| --- | --- | --- |
| Runs where? | Reddit's infrastructure | Independent infrastructure (Google Cloud Run) |
| For what? | In-platform apps (menus, custom posts) | External AI agent integrations |
| Auth method | Automatic (inherits user session) | OAuth 2.0 via AgentBase mcp-auth proxy |
| Use case | Extend Reddit UI/features | Connect AgentBase AI agents to Reddit API |
| Deployment | devvit upload to Reddit | Deployed on Google Cloud Run (independent) |
| Multi-user | Each app instance is per-subreddit | Multitenant — each AgentBase user has isolated token |
| Integration | Reddit-native UI components | MCP protocol (AgentBase chat platform) |

Why This Needs API Access Approval

Under Reddit's Responsible Builder Policy, I need OAuth API access because:

  1. Cannot be built with Devvit — Devvit doesn't support external platform integrations like AgentBase.me
  2. Multitenant platform integration — Requires OAuth authorization code flow (not script apps) to support AgentBase's user base
  3. Legitimate use case — Enables AI agents on AgentBase to interact with Reddit safely and transparently, following the same secure OAuth pattern as their GitHub, Instagram, YouTube integrations
  4. Open source — Code is public at https://github.com/prmichaelsen/reddit-mcp
  5. Secure architecture — AgentBase's mcp-auth handles OAuth flow centrally; reddit-mcp receives pre-authenticated tokens via factory pattern
  6. Respects rate limits — Implements rate limit awareness, retry logic, scope minimization

Alternative Auth Methods Considered

| Method | Why it doesn't work |
| --- | --- |
| Devvit | Only for in-platform apps, not external tools |
| Script apps (password flow) | Single-user only, requires password sharing, 2FA breaks it |
| Client credentials (app-only) | Read-only, can't perform user actions (post/vote/comment) |
| Read-only (no auth) | Extremely limited, no personalized feeds or write operations |

Conclusion: OAuth 2.0 authorization code flow is the only viable option for an external multi-user tool that needs read+write Reddit API access.


What I'm Asking For

OAuth API access approval to integrate Reddit with AgentBase.me, a secure multitenant AI chat platform.

  • Platform: AgentBase.me already integrates YouTube (youtube-mcp), Instagram, GitHub via OAuth — adding Reddit using the same secure pattern
  • Architecture: AgentBase's mcp-auth proxy handles OAuth flow; reddit-mcp receives tokens via factory pattern (same JWT + credentials fetch pattern as youtube-mcp and instagram-mcp)
  • User flow: AgentBase users authorize Reddit via standard OAuth consent flow on AgentBase.me
  • Security:
    • AgentBase uses Firebase Authentication to protect user credentials
    • OAuth tokens stored securely and never exposed directly to AI agents
    • Follows AgentBase's established mcp-auth credentials pattern
    • Respects Reddit's rate limits (100 QPM) and API guidelines
  • Open source: Code is public at https://github.com/prmichaelsen/reddit-mcp
  • Cannot be built with Devvit: Devvit doesn't support external platform integrations

This is an explicit OAuth authorization code flow request. There is no suitable Devvit pattern for this use case — external platform integrations require OAuth API access.

Is there a formal application process for the Responsible Builder Policy?
