homelab/compose/services/FreshRSS/REEDER-AUTH-DEBUG.md

Reeder Authentication Failure - Troubleshooting

Current Status

✅ API enabled in FreshRSS ✅ API password hash exists for user 'eddie' ✅ Tinyauth SSO removed ❌ Reeder getting 401 Unauthorized

Log Analysis

POST /api/greader.php/accounts/ClientLogin HTTP/1.1" 401

This means:

• Reeder is correctly hitting the Google Reader API endpoint
• Authentication is failing (401 = Unauthorized)
• Either wrong password OR the API password hasn't been properly set

The Issue: API Password vs Web Password

FreshRSS has TWO different passwords:

1. Web Password - For logging into https://feeds.fig.systems
2. API Password - For iOS apps (Reeder, NetNewsWire, etc.)

You MUST use the API password in Reeder, not your web password!

Step-by-Step Fix

1. Generate/Regenerate API Password

Via Web Interface (Easiest):

1. Go to https://feeds.fig.systems
2. Log in with your web password
3. Click your username (top right) → Configuration
4. Click Profile tab
5. Scroll down to "API management" or "API" section
6. Look for "API password" field
7. Click "Generate" or "Regenerate" button
8. Write down the password immediately - it won't be shown again!

The password will look something like: aB3xK9mP2wQz7nYv

2. Configure Reeder

Open Reeder on your iOS device:

1. Add Account → Select FreshRSS or Self-hosted
2. Enter these details:
   • Server: https://feeds.fig.systems
   • Username: eddie
   • Password: [THE API PASSWORD FROM STEP 1] ← NOT your web password!

3. Test Authentication

Try to sync in Reeder. If it still fails, continue to advanced troubleshooting below.

Advanced Troubleshooting

Test API Manually

Run this test script:

/tmp/test-freshrss-api.sh

Or manually:

# Replace YOUR_API_PASSWORD with the actual API password
curl -v -d "Email=eddie" -d "Passwd=YOUR_API_PASSWORD" \
  "https://feeds.fig.systems/api/greader.php/accounts/ClientLogin"

# Should return 200 and an auth token, NOT 401

Check What Reeder is Sending

Watch the logs while you try to connect from Reeder:

tail -f /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/log/nginx/access.log

Look for:

• Is username being sent correctly? (should be 'eddie')
• Multiple 401s = wrong password
• 404 = wrong URL endpoint

Common Issues

Issue 1: Using Web Password Instead of API Password

Symptom: 401 errors Solution: Generate API password in web interface, use THAT password

Issue 2: API Password Never Generated

Symptom: 401 errors Check: Look in web interface - is the API password field empty? Solution: Click "Generate" to create one

Issue 3: Wrong Username

Symptom: 401 errors Check: Username must be exactly eddie (the FreshRSS username) Solution: Double-check spelling and case

Issue 4: Wrong Server URL

Symptom: Connection errors or 404 Check: Must be https://feeds.fig.systems (no trailing slash) Solution: Remove any extra characters

Issue 5: Reeder Using Wrong API Type

Symptom: 404 or unexpected responses Solution: In Reeder, make sure you selected:

• "FreshRSS" account type (if available)
• OR "Self-hosted" → "Google Reader API"
• NOT "Fever API" (different authentication)

Verify API is Actually Working

Method 1: Use Fever API Instead

FreshRSS also supports Fever API. Your Fever key is:

b82fc4a3c3ff610ff270798ef6f93b13

Try in Reeder:

1. Add Account → Fever
2. Server: https://feeds.fig.systems/api/fever.php
3. Email: eddie
4. Password: Your web password (Fever uses web password, not API password!)

If Fever works but Google Reader API doesn't, there's an issue with the Google Reader API specifically.

Method 2: Check from Another Device

Try accessing from desktop:

curl -d "Email=eddie" -d "Passwd=YOUR_API_PASSWORD" \
  "https://feeds.fig.systems/api/greader.php/accounts/ClientLogin"

If this returns a token, the API works and the issue is Reeder-specific.

Reset Everything

If nothing works, reset the API authentication:

1. Clear API Password

# Backup first
cp /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/www/freshrss/data/users/eddie/config.php \
   /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/www/freshrss/data/users/eddie/config.php.backup

# Edit the config file manually to clear API password
# Look for 'apiPasswordHash' and set it to empty string

2. Regenerate via Web Interface

1. Log into https://feeds.fig.systems
2. Go to Profile → API management
3. Generate NEW API password
4. Try again in Reeder

Check FreshRSS Version

docker exec freshrss cat /app/freshrss/constants.php | grep FRESHRSS_VERSION

If it's very old, some API features might not work correctly.

Update:

cd /home/eduardo_figueroa/homelab/compose/services/FreshRSS
docker compose pull
docker compose up -d

Enable More Verbose API Logging

Edit: /home/eduardo_figueroa/homelab/compose/services/FreshRSS/config/www/freshrss/data/config.php

Add:

'simplepie_syslog_enabled' => true,

Then check syslog:

docker exec freshrss cat /var/log/syslog 2>/dev/null | grep -i "api\|auth\|greader"

Still Not Working?

Nuclear Option: Recreate User

If API auth is completely broken for this user:

1. Export your feeds (Settings → Import/Export)
2. Create NEW user in FreshRSS web interface
3. Generate API password for new user
4. Import feeds to new user
5. Try Reeder with new user credentials

Test Results Template

When asking for help, provide:

Username: eddie
Server URL: https://feeds.fig.systems
Reeder Account Type: [FreshRSS / Self-hosted / Other]

API Password Generated: [Yes / No]
Using API Password (not web password): [Yes / No]

curl test result:
[paste output of test script]

Recent nginx logs:
[paste last 5 lines from access.log during attempt]

---

Most Common Solution: You need to generate a NEW API password in the web interface and use THAT specific password in Reeder, not your web login password.