
Telegram Third Party Login Steps

Popularity:997 ℃/2024-08-19 18:39:57

I don't see much about this online, so I'll simply make a note. This article is mainly a supplement to the following article:

Telegram (Telegram) Authorized Login (web) Third Party

The overall steps are:

  1. Find BotFather and create a bot.
  2. Set up a domain whitelist for the bot. This domain is the callback address to which the official Telegram service returns the user information, so it must be reachable by Telegram: an intranet address, a domestic IP and the like cannot be called back successfully. HTTPS must also be configured.
  3. Go to the official/widgets/login#widget-configuration page and choose the callback method. There are two types of callback: the first returns the data directly to the front end, and the second calls a back-end interface.

Take the first one as an example:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
<script async src="/js/?22" data-telegram-login="watchx_test2_bot" data-size="large" data-onauth="onTelegramAuth(user)" data-request-access="write"></script>
<script type="text/javascript">
  function onTelegramAuth(user) {
    alert('Logged in as ' + user.first_name + ' ' + user.last_name + ' (' + user.id + (user.username ? ', @' + user.username : '') + ')');
  }
</script></body>
</html>

Because the official script opens an iframe pop-up window, the script tag needs to be placed inside the body.

Finally, the front end receives first_name, last_name and the other fields and passes all of them to the back end. The back end then performs an integrity check based on the hash, where botToken is the token obtained earlier from BotFather.
Logic reference:
/MakStashkevich/7ae71729adbe3cbe2a662a7e16df6ea2


// Lombok's @Data generates the getters used by the check below
@Data
public class OauthTgDto {
    /** Telegram user id */
    String id;
    String firstName;
    String username;
    /** Avatar (photo) URL */
    String photoUrl;
    /** Authorization time */
    String authDate;
    /** Hash used for verification */
    String hash;
}


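    // Required imports: java.nio.charset.StandardCharsets, java.security.InvalidKeyException,
    // java.security.MessageDigest, java.security.NoSuchAlgorithmException, java.util.HashMap,
    // java.util.Map, java.util.stream.Collectors, javax.crypto.Mac, javax.crypto.spec.SecretKeySpec
    public static boolean checkTelegramAuthorization(OauthTgDto params, String botToken) throws NoSuchAlgorithmException, InvalidKeyException {
        // Build the data-check string
        String dataCheckString = getTokenStringBuilder(params);
        // Derive the secret key from the bot token (SHA-256 of the token)
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] secretKey = digest.digest(botToken.getBytes(StandardCharsets.UTF_8));

        // Compute the HMAC-SHA256 of the data-check string with the secret key
        Mac sha256Hmac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey, "HmacSHA256");
        sha256Hmac.init(secretKeySpec);
        byte[] computedHash = sha256Hmac.doFinal(dataCheckString.getBytes(StandardCharsets.UTF_8));

        // Convert the computed hash to a lowercase hex string
        String computedHashString = bytesToHex(computedHash);

        // Compare the computed hash with the passed-in hash.
        // Note the negation: this returns true when the hashes do NOT match.
        return !computedHashString.equals(params.getHash());
    }

    private static @NotNull String getTokenStringBuilder(OauthTgDto params) {
        Map<String, String> dataMap = new HashMap<>();
        dataMap.put("auth_date", params.getAuthDate());
        dataMap.put("first_name", params.getFirstName());
        dataMap.put("id", params.getId());
        dataMap.put("username", params.getUsername());
        dataMap.put("photo_url", params.getPhotoUrl());

        // Sort by key and join as key=value lines
        return dataMap.entrySet().stream()
                .sorted(Map.Entry.comparingByKey())
                .map(entry -> entry.getKey() + "=" + entry.getValue())
                .collect(Collectors.joining("\n"));
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }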
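A hardened variant of the check above, as an added example that is not the article's or the referenced gist's code: it signs every received field except hash (so optional fields such as last_name are covered and absent ones are skipped), compares in constant time, and rejects a stale auth_date. The class name, the 300-second window, and the sample token and user are assumptions constructed for illustration; HexFormat requires Java 17.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;

public class TelegramLoginVerifier {
    static final long MAX_AGE_SECONDS = 300; // assumed freshness window, tune to your needs

    // HMAC-SHA256 over the data-check string, keyed with SHA-256(botToken), as in the article.
    static byte[] sign(Map<String, String> fields, String botToken) throws GeneralSecurityException {
        // Every received field except "hash", sorted by key, joined as key=value lines.
        String dataCheckString = new TreeMap<>(fields).entrySet().stream()
                .filter(e -> !e.getKey().equals("hash") && e.getValue() != null)
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("\n"));
        byte[] key = MessageDigest.getInstance("SHA-256").digest(botToken.getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(dataCheckString.getBytes(StandardCharsets.UTF_8));
    }

    // Returns true only for an untampered payload whose auth_date is recent.
    static boolean verify(Map<String, String> fields, String botToken, long nowEpoch) {
        try {
            byte[] claimed = HexFormat.of().parseHex(fields.get("hash"));
            if (!MessageDigest.isEqual(sign(fields, botToken), claimed)) return false; // constant-time
            long age = nowEpoch - Long.parseLong(fields.get("auth_date"));
            return age >= 0 && age <= MAX_AGE_SECONDS;
        } catch (GeneralSecurityException | RuntimeException e) {
            return false; // missing or malformed hash/auth_date: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        String token = "123456:CONSTRUCTED-TEST-TOKEN"; // constructed, not a real bot token
        long now = System.currentTimeMillis() / 1000;
        Map<String, String> user = new TreeMap<>(Map.of("id", "42", "first_name", "Ada",
                "last_name", "L", "auth_date", Long.toString(now))); // constructed sample user
        user.put("hash", HexFormat.of().formatHex(sign(user, token)));
        System.out.println("valid:    " + verify(user, token, now));
        System.out.println("stale:    " + verify(user, token, now + 3600));
        user.put("first_name", "Eve"); // change a signed field after signing
        System.out.println("tampered: " + verify(user, token, now));
    }
}
```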
Here's a block of anti-crawling code. I don't mind articles being crawled, but please give credit to where they come from.
System.out.println("Author's homepage: /Go-Solo");
System.out.println("Original article address: /Go-Solo/p/18367728");