# OAuth Authentication
Inoreader uses OAuth 2.0 for secure user authentication. This method is preferred over ClientLogin as it doesn't require users to enter credentials outside of Inoreader.
## Authentication Flow
### 1. Consent Page Redirection
Redirect users to:
```
https://www.inoreader.com/oauth2/auth?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URI]&response_type=code&scope=[OPTIONAL_SCOPES]&state=[CSRF_PROTECTION_STRING]
```
### 2. Token Exchange
After user consent, exchange the authorization code for tokens:
```http
POST /oauth2/token HTTP/1.1
Host: www.inoreader.com
Content-type: application/x-www-form-urlencoded

code=[AUTHORIZATION_CODE]&redirect_uri=[REDIRECT_URI]&client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&scope=&grant_type=authorization_code
```
### 3. Using Access Tokens
Include the access token in all API requests:
```http
Authorization: Bearer [ACCESS_TOKEN]
```
### 4. Token Refresh
When tokens expire, refresh them using:
```http
POST /oauth2/token HTTP/1.1
Host: www.inoreader.com
Content-type: application/x-www-form-urlencoded

client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&grant_type=refresh_token&refresh_token=[REFRESH_TOKEN]
```
## Testing with Google OAuth Playground
You can test the API using [Google OAuth 2.0 Playground](https://developers.google.com/oauthplayground):
1. Configure OAuth endpoints:
   - Authorization: `https://www.inoreader.com/oauth2/auth?state=test`
   - Token: `https://www.inoreader.com/oauth2/token`
2. Use your client credentials from [[Inoreader API Registration|application registration]].
## Related
- [[Inoreader App Authentication]]
- [[Inoreader API Registration]]
- [[OAuth 2.0]]