# OAuth Authentication

Inoreader uses OAuth 2.0 for secure user authentication. This method is preferred over ClientLogin as it doesn't require users to enter credentials outside of Inoreader.

## Authentication Flow

### 1. Consent Page Redirection

Redirect users to:

```
https://www.inoreader.com/oauth2/auth?client_id=[CLIENT_ID]&redirect_uri=[REDIRECT_URI]&response_type=code&scope=[OPTIONAL_SCOPES]&state=[CSRF_PROTECTION_STRING]
```

### 2. Token Exchange

After user consent, exchange the authorization code for tokens:

```http
POST /oauth2/token HTTP/1.1
Host: www.inoreader.com
Content-type: application/x-www-form-urlencoded

code=[AUTHORIZATION_CODE]&redirect_uri=[REDIRECT_URI]&client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&scope=&grant_type=authorization_code
```

### 3. Using Access Tokens

Include the access token in all API requests:

```http
Authorization: Bearer [ACCESS_TOKEN]
```

### 4. Token Refresh

When tokens expire, refresh them using:

```http
POST /oauth2/token HTTP/1.1
Host: www.inoreader.com
Content-type: application/x-www-form-urlencoded

client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&grant_type=refresh_token&refresh_token=[REFRESH_TOKEN]
```

## Testing with Google OAuth Playground

You can test the API using [Google OAuth 2.0 Playground](https://developers.google.com/oauthplayground):

1. Configure OAuth endpoints:
   - Authorization: `https://www.inoreader.com/oauth2/auth?state=test`
   - Token: `https://www.inoreader.com/oauth2/token`
2. Use your client credentials from [[Inoreader API Registration|application registration]]

## Related

- [[Inoreader App Authentication]]
- [[Inoreader API Registration]]
- [[OAuth 2.0]]