Anime List Sync

Auth helper for AniList, MAL, and AnimeSchedule

Generate OAuth URLs, inspect callback results, and prepare the exact values you need for GitHub Actions secrets.

Security boundary: this static site can generate auth URLs and read callback results, but it should not contain private app secrets. MyAnimeList code exchange stays local.

Redirect Inspector

Read tokens or codes from the current callback URL

Current URL

Detected values

AniList implicit flow usually returns an access token in the URL fragment. MAL authorization code flow returns a code in the query string, which must be exchanged before you get a refresh token.

AniList

Generate a browser-based token URL

Recommended output for GitHub secret: ANILIST_TOKEN

Verify AniList token format

MyAnimeList

Generate PKCE auth URL and local exchange command

This value is not the refresh token. It is only the temporary authorization code from the redirect URL.

Run the generated command locally. Do not embed your MAL client secret in a public site.

Verify MAL value type

AnimeSchedule

Generate OAuth URL and local exchange command

The token shown under Your Applications is the app token, not the OAuth user token used by /animelists/oauth.

Open AnimeSchedule docs

Verify AnimeSchedule token format

GitHub Secrets

Final values to store

  • ANILIST_TOKEN
  • MAL_CLIENT_ID
  • MAL_CLIENT_SECRET
  • MAL_REFRESH_TOKEN
  • ANIMESCHEDULE_TOKEN

For MAL, you can also store MAL_ACCESS_TOKEN, but the refresh token flow is the better fit for a daily GitHub Action.

For AnimeSchedule, store the OAuth access token in ANIMESCHEDULE_TOKEN. Do not use the raw app token from the account settings page.