bug: Boost for Reddit 403 errors

[verm]

Bug description

Boost for Reddit now gives a 403 error. While I'm not certain it is most likely the User-Agent as there is a post to redditdev about this:

• https://old.reddit.com/r/redditdev/comments/1j2sgxw/please_ensure_your_useragents_are_unique_and/

I can confirm using apktool modifying the User-Agent fixes the problem.

There is a suggested fix below: #4549 (comment) from @wchill

Error logs

There are none but Boost gives a response there is a `403` error from Reddit.

Solution

The patch needs to be updated with new user input fields to allow customising the User-Agent as per Reddits requirements:

The best solution may just be to allow for a fully editable User-Agent with a suggestion of the format required by Reddit.

Change your client's User-Agent string to something unique and descriptive, including the target platform, a unique application identifier, a version string, and your username as contact information, in the following format:
<platform>:<app ID>:<version string> (by /u/<reddit username>)

Additional context

I think what has happened is the API key for the old app has been pulled that is causing 403 in one case. The ReVanced patch uses a random number for the platform which is now banned -- any set of random characters are banned and they have explicitly called out random integers which the ReVanced app uses.

Acknowledgements

• I have checked all open and closed bug reports and this is not a duplicate.
• I have chosen an appropriate title.
• All requested information has been provided properly.

[oSumAtrIX]

That is already the case:

Reddit API is broken as usual.

[verm]

I did see that. I'm not sure how a random string is going to be allowed as the Platform name especially numbers. They're expecting a real platform the sample they use is android and a descriptive name The default redirectUri will need to be changed too.

http://rubenmayayo.com has been down for a long time as well.

[oSumAtrIX]

The patch was added because it didnt work without it. Now Reddit breaks its API again and now we have to remove it again, just to add it back later again when they break their API again. If you want, you can compile the patches without it and see if it helps.

[verm]

Thanks I'll give it a shot. I never used the ReVanced patch but relied on being a moderator which had an exception. This breakage is most likely User-Agent as stated in that Reddit post above they explicitly call out the usage a set of integers or random characters. The User-Agent of the old app does not follow the updated guidelines.

Just trying to figure out how to create a custom patch and testing it I will report back on how it goes thank you!

[oSumAtrIX]

I don't have the apk, but as far as I know the app does follow the required user agent format. The unpatched app uses android as the platform.

[verm]

I think what has happened is the developer key for the app has been pulled so the old app no longer works and ReVanced won't work because if you set your own API key it uses random numbers for the platform which is now banned.

[netjordanlee]

That is already the case:

Reddit API is broken as usual.

To quote the reddit admins post

It means if your user-agent is, for instance, nothing but a set of integers or random characters, then it's very likely that we've blocked or will block your bot.

So that is why the patch needs to be changed. Effectively it seems like reddit is specifically trying to target how revanced patches in user-agent information to thoroughly kill-off holdouts.

I think a return of custom user agent as an option for patches is necessary to allow people to respond to policy changes like this.

[wchill]

FYI, I just modified the patch set to include an option to change the user agent (as someone had mentioned changing the user agent worked for them). The app does work again. That being said, I'm still not able to login; the app only works as an anonymous user. Works when logged in as well, I messed up the redirect URL.

My changes are not suitable for merging into the main branch at this time, as I only made it work for Boost, and other apps are likely to require similar changes at some point.

For anyone who knows how to use revanced-cli, you can use this change: wchill@549f416

I tried creating a GitHub release on my fork but was unsuccessful in getting it to show up in ReVanced Manager.

[ZenithRogue]

Lmk if you get it to show up in the manager @wchill

[wchill]

@oSumAtrIX: fyi, another user on reddit mentioned that just having rubenmayayo anywhere in the user agent causes the API call to get the OAuth access token to fail. So this issue is not a duplicate of #4530 and a fix will be needed.

[verm]

@wchill I patched it manually using apktool and got it to work fine so I can confirm along with you that this can be fixed.

[remghoost]

@wchill Thanks a ton for the ping on reddit!
Guess I don't have to learn kotlin today. haha.

edit - Also, I'm getting the Oauth failure on my end (doing it all by hand).
Going to go back through and double-check my process.

Might be worth scrubbing their name from everywhere in the app (since it's all over the place)
Just in case they check more than just the useragent later.

Not sure how difficult that is to do though...

[wchill]

You should be able to use my changes now by pointing ReVanced Manager to wchill/revanced-patches as shown below:

I won't be maintaining this fork, so only use it to patch Boost until this issue is fixed in the main repo.

For OAuth client ID, go to https://www.reddit.com/prefs/apps and create a new "Installed app" (or use an existing one if you already created one). Fill in the name and redirect URI (make sure this is set to http://127.0.0.1:8080 - it should be exactly as shown in the patcher options). The client ID is the random looking text that shows up below "Installed app" after you create the app.

For redirect URI, you can leave it as is (http://127.0.0.1:8080).

For user agent, use android:com.username.reddit:v1.0 (by /u/username). Replace username with your username accordingly.

[S34NW]

Getting a 400 bad request error with your patch and swapping out wchill for my username, any way I can get more info to diagnose?

Logged in and it works, 'doh.

[ejstreet]

@wchill I successfully got the app working again thanks to your patch, but I can't log in

That being said, I'm still not able to login; the app only works as an anonymous user. Works when logged in as well, I messed up the redirect URL.

What does the redirect URL need to be?

[S34NW]

What does the redirect URL need to be?

http://rubenmayayo.com

[MgDark]

i love you, this patch actually works! I was dreading having to deal with the official reddit app

[wchill]

@remghoost I think the only other place where possible patching might be required is in the redirect URL, so I'm figuring out a patch for that now. The app adds an override for http://rubenmayayo.com to the WebView that the OAuth login flow takes place in so that it can receive the OAuth credentials. (This is also why the 403 that we get from visiting that site doesn't mean anything)

The other references to rmayayo or rubenmayayo after running the app through apktool look benign, so they likely don't need to be replaced. (My patch directly overrides the user agent, so patching smali_classes2/xb/l.smali isn't needed.)

[wefalltomorrow]

Unfortunately the patch doesn't work for me, I get the same error 403 as before.

[MgDark]

Unfortunately the patch doesn't work for me, I get the same error 403 as before.

make sure you format the user.agent correctly
android:com.wchill.reddit:v1.0 (by /u/wchill)

Replace both "wchill" with your username, and also make sure you didnt put a typo in your OAuth key

[verm]

@wchill I was just writing something about the OAuth URL Reddit must check if they match from what you add. That may need to be made configurable so users can change it or just default it to http://127.0.0.1. The rest as you said are just strings within the app. Once that is changed it would be pretty annoying to detect what the app is without detecting quirks which I doubt they'd bother with.

[ejstreet]

Re @S34NW, got my login working, but the trailing / shouldn't be there. I only ran into this because I was mucking about trying to change the redirect URI. The correct value is http://rubenmayayo.com, so no change from what is described

[purgnoop]

As I've been using the moderator workaround, I never had an oauth key, is it possible to use this patch still?

The manager won't let me proceed without adding something to the oauth field

[wchill]

@purgnoop I was using unpatched Boost until today since I'm a moderator on multiple subreddits. You just need to follow the normal patching steps for the client ID field; there are tutorials for that floating around somewhere.

[ejstreet]

@purgnoop use wchill's patch.

You will need to create yourself an app by going to https://www.reddit.com/prefs/apps. Name it Boost, set as an installed app, and set the redirect URI to http://rubenmayayo.com. After you create the app there will be a string of characters under the app name. Copy that into the spoof client patch config.

[razorsbk]

For me it worked fine the standard app without any patching, installed straight from PlayStore. Since yesterday it started to throw 403 codes so I have to use Revanced patcher to do both:

• changing client id: https://github.com/KobeW50/ReVanced-Documentation/blob/main/Reddit-Client-ID-Guide.md#info
• changing user agent via alternative sources -> wchill patch (add your own username)

Now it works perfectly, great work @wchill !

[Chris7692]

Hi guys, I'm able to follow the whole process and install the app but I can't login. I've been using the subreddit moderator bypass and I've triple checked all of the settings in the instructions. I'll provide screenshots.

[oSumAtrIX]

@wchill Yes agreed the official fix doesn't follow Reddits own rules for using your own API key. Hopefully it can be changed in a way to let users follow what Reddit requires.

How come

        val randomName = (0..100000).random()
        val userAgent = "$randomName:app.revanced.$randomName:v1.0.0 (by /u/revanced)"

The first instance of $randomName in the user agent is why. A Reddit admin has explicitly stated the expectation of what user agent strings should look like.

<platform>:<app ID>:<version string> (by /u/<reddit username>)

So the following correction would comply with their API standard:

        val randomName = (0..100000).random()
        val userAgent = "android:app.revanced.$randomName:v1.0.0 (by /u/revanced)"

That's literally it.

What says an integer string can't be a name of a platform? The format is correct. Platform is neither an enum nor has a specification of having to be letters. It is an arbitrary string and numbers are valid arbitrary string. And even all that, changing it to android still keeps revanced in the user agent string, how does that extend to what wchill said. Wchill complained about revanced in the name, and not the platform

[FelesNoctis]

What says an integer string can't be a name of a platform? The format is correct. Platform is neither an enum nor has a specification of having to be letters. It is an arbitrary string and numbers are valid arbitrary string.

Logic based on how the internet works. A platform in a standard user agent would be "Android", "Windows", "Unix", etc. Operational platforms. There's no such thing as a platform named "64836" or any other random set of digits.

I'm not sure why this is such a stubborn sticking point. If it's about an attempt at obfuscation, it actually makes the agent more obvious, not less. What they're requesting is a reflection of general internet standards.

And even all that, changing it to android still keeps revanced in the user agent string, how does that extend to what wchill said. Wchill complained about revanced in the name, and not the platform

I was addressing the part of the user agent declaration that Reddit would consider incorrect. Making the suggested change ensures it follows their specifications to the letter and intent. Whether or not they decide to blacklist the word "revanced" in user agents is another matter entirely.

[wchill]

They have zero intention to block the user agent.

Just going to clarify my position, if it was only about reddit monetizing their API and still being ok with personal OAuth apps, they would have either revoked the client ID or the full user agent. It makes no sense to put a block on any user agent that mentions rubenmayayo. (Of course, I am assuming some level of competence from the admins here, but it's legitimately more work to do the latter and not the former.)

The fact that the original dev's username is specifically blocked, and nothing else, should be alarming. There have been no official updates and his account has been dormant for over a year, so why is reddit's API suddenly blocking mentions of his name now and not when the original 3rd party app saga occurred? In no world can anyone interpret this as the API just being broken. Active steps are being taken and people should be worried.

Even if you think the above is just nonsense, personal apps are supposed to have the username of the person using said personal app, so that the admins can contact the person in case of an issue. So you cannot just use /u/revanced as the account to contact. Worst case scenario, doing stuff like this can get you banned:

NEVER lie about your user-agent. This includes spoofing popular browsers and spoofing other bots. We will ban liars with extreme prejudice.

If you're going to patch the user agent, you need to do it properly and not just use a quick-and-dirty hack using a randomly generated integer and hardcoded, invalid username. And given that there is a real concern that reddit is going to crackdown on 3rd party apps, you might as well go all the way and make sure that there is nothing reddit can use to easily identify them. That is, unless you want to make more work for yourself and your users later down the line if/when they crack down harder.

It's not like these apps are being updated any more anyway; why not just do it right the first time when there's basically zero additional maintenance burden?

[ExternalAddress4401]

@oSumAtrIX: fyi, another user on reddit mentioned that just having rubenmayayo anywhere in the user agent causes the API call to get the OAuth access token to fail. So this issue is not a duplicate of #4530 and a fix will be needed.

Thank you for this. This was me, big shoutout to HTTP Toolkit for letting me play with the user agent in a very easy to setup way. I used to use Fiddler which had a lot more customization but took a lot more effort to setup. It's "open source" so I downloaded it and removed the paid subscription check. Sorry whoever developed it but I needed something easy to work with.

Really disappointing to see this backlash. This is like trying to argue that you should fix a roof leak with a piece of tape because it "works" so why go all out and properly fix it? Yeah you might wake up with a flooded house but we can deal with it then right?

Why make a real user agent when you can use a random one that violates the API TOS right? Yeah a bunch of users might eventually get banned but I'm Mr Revanced, I don't care about good solutions. 😕

[kingleo1]

@oSumAtrIX Yes, it is an arbitrary string and numbers are valid arbitrary string. Yes, reddit did not block 3rd party apps, they're simply monetising their API access. And yes, the temp fix you implement works. What's in discussion here is how to be one step ahead of reddit.

First, 2 days ago reddit admins posted this:
https://old.reddit.com/r/redditdev/comments/1j2sgxw/please_ensure_your_useragents_are_unique_and/
It clearly says that UAs set as integers or random characters, and those not unique and descriptive, will get blocked (they say might but we all know what they mean).
Then, today they went ahead and blocked all UAs containing rubenmayayo.
#4549 (comment)

Looking ahead, the logical thing to do is to allow a custom UA option for patches, in which each user would use their unique username as their App ID, or whatever they fancy really as long as it's unique and descriptive to satisfy reddit's API rules.

This is not just another way of fixing things, it's actually the better way that would prohibit reddit from simply targeting revanced in the future just like they did rubenmayayo today. I'm not saying that this would stop them completely from blocking Revanced if that was their wish, but at the very least it won't be as easy.

@wchill provided a great working solution (including the redirect URL ro remove Boost from being detected altogether) that not only solves the current issue, but also makes it harder for reddit to block Revanced in the future.

[mosestyle]

Ugh I noticed this today! Hopefully there is a fix soon 😞😞🙏

[ExternalAddress4401]

Ugh I noticed this today! Hopefully there is a fix soon 😞😞🙏

You can already fix it using @wchill's guide: https://github.com/wchill/revanced-patches

I wouldn't count on it coming to revanced officially. Seems like Revanced think they know more about how Reddit works than Reddit themselves do and want to be stubborn about it.

[Ryuisnod]

Hi guys, I'm able to follow the whole process and install the app but I can't login. I've been using the subreddit moderator bypass and I've triple checked all of the settings in the instructions. I'll provide screenshots.

I was having the same issue and after multiple checks and repatching I discovered I had "http://127.0.0.1:8080/" in Reddit apps and "http://127.0.0.1:8080" in revanced. Removed the slash from Reddit apps and it worked

[mosestyle]

Ugh I noticed this today! Hopefully there is a fix soon 😞😞🙏

You can already fix it using @wchill's guide: https://github.com/wchill/revanced-patches

I wouldn't count on it coming to revanced officially. Seems like Revanced think they know more about how Reddit works than Reddit themselves do and want to be stubborn about it.

Whenever i try to Enable "Spoof Client" all I get is this pop-up. Do you know how I can fix it?😭

[Ryuisnod]

Untick the ads one, then tick spoof and ads

…

On Thu, 6 Mar 2025, 19:41 mosestyle, ***@***.***> wrote: Ugh I noticed this today! Hopefully there is a fix soon 😞😞🙏 You can already fix it using @wchill <https://github.com/wchill>'s guide: https://github.com/wchill/revanced-patches I wouldn't count on it coming to revanced officially. Seems like Revanced think they know more about how Reddit works than Reddit themselves do and want to be stubborn about it. Whenever i try to Enable "Spoof Client" all I get is this pop-up. Do you know how I can fix it?😭 Screenshot_20250306_203928_ReVanced.Manager.png (view on web) <https://github.com/user-attachments/assets/327c1ea0-44d9-41f9-8b9b-91f11c20ae2d> — Reply to this email directly, view it on GitHub <#4549 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALNYOW6KCRSNCCYUNGXE4YL2TCQGFAVCNFSM6AAAAABYNNA76KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOMBUG44DCMJZGM> . You are receiving this because you commented.Message ID: ***@***.***> [image: mosestyle]*mosestyle* left a comment (ReVanced/revanced-patches#4549) <#4549 (comment)> Ugh I noticed this today! Hopefully there is a fix soon 😞😞🙏 You can already fix it using @wchill <https://github.com/wchill>'s guide: https://github.com/wchill/revanced-patches I wouldn't count on it coming to revanced officially. Seems like Revanced think they know more about how Reddit works than Reddit themselves do and want to be stubborn about it. Whenever i try to Enable "Spoof Client" all I get is this pop-up. Do you know how I can fix it?😭 Screenshot_20250306_203928_ReVanced.Manager.png (view on web) <https://github.com/user-attachments/assets/327c1ea0-44d9-41f9-8b9b-91f11c20ae2d> — Reply to this email directly, view it on GitHub <#4549 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALNYOW6KCRSNCCYUNGXE4YL2TCQGFAVCNFSM6AAAAABYNNA76KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDOMBUG44DCMJZGM> . You are receiving this because you commented.Message ID: ***@***.***>

[mosestyle]

Untick the ads one, then tick spoof and ads
…

Ahhh, thank you it worked!😁🙏
Finally the Boost app works again!

[realitychemist]

Just to provide another piece of documentation / evidence, I was experiencing this error as of yesterday and have now fixed it. Here's what I did that eventually ended up working, in as much detail as I can remember:

0. Backed up my Boost settings (you don't actually need to do this, obviously, more just a reminder to folks that you can)
1. Uninstalled the non-functional app (it was a patched version, as I do not have a moderator exemption)
2. Updated to the newest version of ReVanced manager (probably not necessary, just eliminating a variable)
3. Downloaded the most recent APK for Boost: com.rubenmayayo.reddit_1.12.12 (it's the same one I was using before)
4. At https://www.reddit.com/prefs/apps, revoked and deleted my previous app
5. Generated a new app using the redirect URI http://rubenmayayo.com -- EDIT: With the most recent version of @wchill's patch, v5.14.1, I was able to get login working using either that URI or http://127.0.0.1:8080, as long as they match between the reddit app prefs and the setting in the spoof client patch
6. Swapped over to @wchill's revanced-patches source as decribed in this comment and restarted ReVanced manager
7. Selected the Boost APK for patching, all patches enabled
8. In the spoof client patch settings, set my OAuth client ID as usual, set the redirect URI to match the app settings on reddit (i.e. http://rubenmayayo.com), and set the user agent string as android:com.username.reddit:v1.0 (by /u/username) (using my own username)
9. Patch, install, login, restore settings from backup, everything works as expected!

Summary points:

• It seems the fault does indeed lie with the user agent string; as the admin comment suggests and as has been covered a few times here (most recently by @FelesNoctis), Reddit seems to be blocking user agent strings that contain strings of random integers (probably only the platform part of the UA string matters, but I did not test this)
• I did not test other UA strings containing words like "revanced" or "rubenmayayo" or anything like that, so I don't know if they're blocking UA strings that contain those words, but they are not blocking the redirect URI that points to http://rubenmayayo.com

[Robertiocoxio]

Hey!

Screenshot_20250306-200351.png

Adding wchill but the patch doesn't show up when trying to load patches for boost

[wchill]

@realitychemist I updated the patches about 3 hours after I first uploaded them. http://127.0.0.1:8080 is correct for anyone who's reading this now.

If you're running into the OAuth error on login, you want to double check the patch version in Revanced Manager. On the Boost patch screen, it should say 5.14.1 if you're up to date. 5.14.0 will run into the OAuth error.

[wchill]

@Robertiocoxio there's some bug with RM that sometimes prevents the patches from showing up. I had to force close the app, clear cache, and reopen a few times before it would show up for me

[Joonetic]

Does the name of the app under reddit preferences matter when it comes to hiding this from reddit? I got boost working but I named it "Boost" without thinking. Lol

If I need to change the name will it break boost again?

[realitychemist]

@wchill I went through the process described in my comment ~ 5 hours ago (so about 8 hours after you first shared your patches), and at that time was still unable to login with http://127.0.0.1:8080, but was able to log in with http://rubenmayayo.com. I can confirm that I am now pulling v5.14.1, but I don't think there's any way for me to check the patch version that I was using when I did this 5 hours ago.

For the sake of testing I've gone ahead and re-patched & re-installed with the current v5.14.1, and using http://rubenmayayo.com as the redirect URI with this version does, indeed, still work (so reddit is not blocking that redirect URI). I also re-tested using v5.14.1 and http://127.0.0.1:8080 (updated in both the patch settings and on reddit app prefs), and that now also works.

So previously I may have still had v5.14.0, although I'm not sure how the timing on that works out. Regardless, though, the new v5.14.1 version seems to work and allows logging in with either URI! I'll update my previous comment accordingly.

Also, since I didn't say so in my last comment, thank you for taking the time to update the patch and share your version with us all! Even if it's just a temporary solution, it's very much appreciated.

[wchill]

@Joonetic the name isn't being checked currently, but it might be in the future, who knows. You can change it without affecting anything though.

@realitychemist Yeah, the http://rubenmayayo.com is currently not blocked by reddit. It doesn't technically matter what the URI is, because the app intercepts the redirect, but I imagine reddit admins will be raising some eyebrows if they notice your "personal app" is using a redirect URI associated with a blocked reddit app that's no longer supported or downloadable via the Play Store. Some other folks earlier in the issue comments also shared this concern, which is why I added the redirect URI patch.

I updated the default to http://127.0.0.1:8080 because that's a very common address for developers to use (local web servers are often hosted on localhost port 8080). So it acts as a form of camouflage - they can't realistically block apps just based on that redirect URI, because it would cause issues for a lot of legitimate developers on reddit.

[purgnoop]

After uninstalling and starting fresh, I'm now getting a crash when I click on "add account".

it's working fine with no account added however.

[NotOnLand]

I'm not able to login to my account, it always says "invalid username or password." I can copy-paste it and it works fine in the web browser so I know it's not wrong. I even added my phone number to my account to try that, but it says "Something went wrong, please try again" every time. No problems using it signed out, I've repatched and reinstalled a few times trying different settings but no change.

[CrimsonKnight13]

Patch & instructions worked perfectly. Thanks @wchill!

[tina-hello]

@Joonetic The suggested naming comes from Reddit's newly enforced rule https://support.reddithelp.com/hc/en-us/articles/16160319875092-Reddit-Data-API-Wiki

Change your client's User-Agent string to something unique and descriptive, including the target platform, a unique application identifier, a version string, and your username as contact information, in the following format:
<platform>:<app ID>:<version string> (by /u/<reddit username>)

So strictly speaking this isn't about "hiding" from Reddit, and instead adhering to their rule. Will they later change their rule and block previously compliant UA, 🤷‍♀️, but for now it's clear we need a free text input for the user agent, instead of randomly generated one.

[FelesNoctis]

I made an argument in another thread about that. The general impression I was getting from oSumAtrIX was "why bother if Reddit's just going to change it again?" Well, one, if you just let it break and don't do anything about it, then Reddit has "won", and they don't need to change it again. Two, if you do a half-assed job, and they change it in a way that breaks the app again, who's really responsible there? Besides, they're going to do what they're going to do. You can't change how they operate.

But, if you follow their policies to the letter and intent, then not only is it harder for them to shut revanced patches down, but you've also covered general use bans of "well you didn't do it right". Proper implementation in this case is dual purpose.

My previous post was only about addressing the most obvious red flag in the implementation, the random number as the platform. You know that isn't what Reddit intends, even if in the end it's just a string of characters. But you can still use that random number string as well, in another way.

1. Text entry for Reddit username connected to a variable such as redditUserName
2. val userAgent = "android:app.$redditUserName.$randomName:v1.0.0 (by /u/.$redditUserName)"

Not only have you complied with Reddit's policies, but this code can be used for all patches for Reddit-related apps, not just Boost, because it's a site policy.

We know for a fact that they can blacklist certain words in user agents. It's been tested and confirmed. Doing this right, the first time, means they can't just repeat the process with "revanced", and will likely save work in the long run for ReVanced.

[danksweatshirt]

After uninstalling and starting fresh, I'm now getting a crash when I click on "add account".

it's working fine with no account added however.

Having the same issue - no OAuth error thrown, or any other error for that matter, just a crash. Followed @wchill 's (very helpful and concise) walkthrough to the letter and made sure I was pulling v5.14.1, no forward slash after the port number in the URI, etc. Runs fine in anon mode, but crashes immediately when hitting "add account".

[as3474]

After uninstalling and starting fresh, I'm now getting a crash when I click on "add account".
it's working fine with no account added however.

Having the same issue - no OAuth error thrown, or any other error for that matter, just a crash. Followed @wchill 's (very helpful and concise) walkthrough to the letter and made sure I was pulling v5.14.1, no forward slash after the port number in the URI, etc. Runs fine in anon mode, but crashes immediately when hitting "add account".

I was finally able to get it to work after unchecking all patches except for the Spoof client patch.

Hope it works for you too.

[Slasar41]

@NotOnLand Same issue with me. Have you found the solution?
I've tried putting http://rubenmayayo.com or http://127.0.0.1:8080 in Redirect URI but neither works for login. It'll just throw invalid username or password.

[oSumAtrIX]

What's in discussion here is how to be one step ahead of reddit.

Repeating what I repeated 5 times already, this is not a cat and mouse game. Refer to my last messages for what I mean.

Those that complain about the redirect uri, refer to my previous messages, I have explained already.
Those that complain about the user agent specifically are free to PR a "more compliant version", however the current one is not a problem, so effectively you don't solve anything. The old apps user agent was blocked because the API saw a spike in usage, the modified agent is random, there's not one agent used more than another. Reddit is not fighting 3rd party clients and so, won't do "heuristic analysis" of user agents structure to find and snipe user agents.

Locking as I am reading to many comments I already have answered to in my previous messages. This is going nowhere, I am not going to furthermore let fruitless Reddit-esque discussions that complain about a working fix with extremely unlikely what-ifs sift to here. The issue is fixed. Come back here with a new issue proving whatever you claim against what I said, when it happens.