Telegram OAuth2 Server

🔗 Authorization Endpoint

GET /oauth/authorize

Initiates the OAuth2 flow by redirecting users to Telegram for authentication.

Parameters:
• client_id - Your OAuth client ID
• redirect_uri - Where to redirect after authorization
• state - Optional state parameter for CSRF protection
• scope - Optional scope (defaults to "read")

Example:
GET /oauth/authorize?client_id=your_client_id&redirect_uri=https://your-app.com/callback&state=random_state

🔄 Token Endpoint

POST /oauth/token

Exchanges authorization code for access token.

Parameters:
• grant_type - Must be "authorization_code"
• code - Authorization code from callback
• client_id - Your OAuth client ID
• client_secret - Your OAuth client secret
• redirect_uri - Must match the one used in authorization

👤 User Info Endpoint

GET /oauth/userinfo

Returns user information for the authenticated user.

Headers:
Authorization: Bearer YOUR_ACCESS_TOKEN

⚙️ Setup Instructions

Create a Telegram bot via @BotFather
Configure your bot's OAuth settings
Set environment variables in your Cloudflare Worker:
- TELEGRAM_BOT_TOKEN - Your bot's API token (bot ID will be extracted from this)
- TELEGRAM_BOT_USERNAME - Your bot's username (without @)
- OAUTH_CLIENT_ID - Your OAuth client ID
- OAUTH_CLIENT_SECRET - Your OAuth client secret
- REDIRECT_URI - Your callback URL
- VALIDATE_REDIRECT_URI - Set to "false" to disable redirect URI validation
Deploy the worker to Cloudflare

🔒 Security Notes

Always validate the state parameter to prevent CSRF attacks
Store tokens securely and never expose them in client-side code
Use HTTPS for all OAuth2 communications
Consider implementing token refresh for long-lived sessions

🤖 Telegram OAuth2 Server

🔗 Authorization Endpoint

🔄 Token Endpoint

👤 User Info Endpoint

⚙️ Setup Instructions

🔒 Security Notes