NekoTel OAuth Gateway

Telegram OAuth2 for production apps

A Cloudflare Worker endpoint set for secure Telegram authentication using the OAuth2 authorization-code flow.

4 Endpoints Authorize, callback, token, userinfo

JWT Tokens Signed codes and access tokens

Edge Runtime Low-latency from Cloudflare Workers

API Endpoints

GET /oauth/authorize

Starts OAuth and redirects users to Telegram.

GET /oauth/callback

Processes Telegram auth data and returns an authorization code.

POST /oauth/token

Exchanges the authorization code for an access token.

GET /oauth/userinfo

Returns profile data for a valid bearer token.

Authorize request

/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://your-app.com/callback&state=csrf_token

Always verify state on callback to prevent CSRF attacks.
Keep client credentials server-side only and do not expose secrets in browser code.
Treat bearer tokens as sensitive and rotate secrets if leaked.
Apply strict redirect URI allowlists for production deployments.