I don't see much about this online, so I'll simply make a note. This article is mainly a supplement to the following article:
Telegram (Telegram) Authorized Login (web) Third Party
The overall steps are:
- Find BotFather and create a bot.
- Set a domain whitelist for the bot. This is the callback address: Telegram returns the user information to it, so the domain must be reachable by Telegram's servers. An intranet address, a domestic IP, etc. cannot be called back successfully. You also need to configure HTTPS.
- Go to the official page /widgets/login#widget-configuration and choose the callback method. There are two types of callback: the first returns the data directly to the front end, and the second calls a back-end interface.
Take the first one as an example:
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Document</title>
</head>
<body>
  <script async src="/js/?22" data-telegram-login="watchx_test2_bot" data-size="large" data-onauth="onTelegramAuth(user)" data-request-access="write"></script>
  <script type="text/javascript">
    // Called by the widget with the signed user object after a successful login
    function onTelegramAuth(user) {
      alert('Logged in as ' + user.first_name + ' ' + user.last_name + ' (' + user.id + (user.username ? ', @' + user.username : '') + ')');
    }
  </script>
</body>
</html>
Because the official source code opens an iframe pop-up window, you need to put the script tag inside body.
Finally, the front end passes the name, last_name and other information it receives to the back end, and the back end performs an integrity check against the hash. Here botToken is the token obtained earlier.
Reference for the logic:
/MakStashkevich/7ae71729adbe3cbe2a662a7e16df6ea2
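import lombok.Data;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Collectors;
// @NotNull below comes from the project's nullability annotations (its import is not shown on the page)

@Data
public class OauthTgDto {
    /** Telegram user id */
    String id;
    String firstName;
    /** Optional; part of the signed data whenever Telegram sends it */
    String lastName;
    String username;
    /** Avatar URL */
    String photoUrl;
    /** Authorization time */
    String authDate;
    /** Hash used for verification */
    String hash;
}

public static boolean checkTelegramAuthorization(OauthTgDto params, String botToken) throws NoSuchAlgorithmException, InvalidKeyException {
    // Build the data-check string
    String dataCheckString = getTokenStringBuilder(params);
    // Derive the secret key: SHA-256 of the bot token
    MessageDigest digest = MessageDigest.getInstance("SHA-256");
    byte[] secretKey = digest.digest(botToken.getBytes(StandardCharsets.UTF_8));
    // Compute the HMAC-SHA256 of the data-check string with that key
    Mac sha256Hmac = Mac.getInstance("HmacSHA256");
    SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey, "HmacSHA256");
    sha256Hmac.init(secretKeySpec);
    byte[] computedHash = sha256Hmac.doFinal(dataCheckString.getBytes(StandardCharsets.UTF_8));
    // Convert the computed hash to a lowercase hex string
    String computedHashString = bytesToHex(computedHash);
    // Compare with the received hash in constant time; returns true only when they match
    return params.getHash() != null && MessageDigest.isEqual(
            computedHashString.getBytes(StandardCharsets.UTF_8),
            params.getHash().getBytes(StandardCharsets.UTF_8));
}

private static @NotNull String getTokenStringBuilder(OauthTgDto params) {
    Map<String, String> dataMap = new HashMap<>();
    dataMap.put("auth_date", params.getAuthDate());
    dataMap.put("first_name", params.getFirstName());
    dataMap.put("last_name", params.getLastName());
    dataMap.put("id", params.getId());
    dataMap.put("username", params.getUsername());
    dataMap.put("photo_url", params.getPhotoUrl());
    // Fields Telegram did not send (null) are not part of the signed string
    return dataMap.entrySet().stream()
            .filter(entry -> entry.getValue() != null)
            .sorted(Map.Entry.comparingByKey())
            .map(entry -> entry.getKey() + "=" + entry.getValue())
            .collect(Collectors.joining("\n"));
}

private static String bytesToHex(byte[] bytes) {
    StringBuilder sb = new StringBuilder();
    for (byte b : bytes) {
        sb.append(String.format("%02x", b));
    }
    return sb.toString();
}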
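The same check in a more general form, as an added example that is not the original author's code: it builds the check string from whatever fields were received instead of a fixed DTO, compares the hash in constant time, and also rejects an old auth_date so that captured login data cannot be reused later. The class name TelegramLoginVerifier, the 300-second window, and the token and payload in main are assumptions constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.stream.Collectors;

public class TelegramLoginVerifier {
    // Assumption: accept logins at most 5 minutes old; pick a window that suits your app.
    static final long MAX_AGE_SECONDS = 300;

    // Lowercase-hex HMAC-SHA256 over every received field except "hash", sorted by key.
    static String sign(Map<String, String> fields, String botToken) throws Exception {
        String dataCheckString = new TreeMap<String, String>(fields).entrySet().stream()
                .filter(e -> !"hash".equals(e.getKey()) && e.getValue() != null)
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("\n"));
        byte[] key = MessageDigest.getInstance("SHA-256").digest(botToken.getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(dataCheckString.getBytes(StandardCharsets.UTF_8))) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // True only when the hash covers the received fields and auth_date is fresh.
    static boolean verify(Map<String, String> received, String botToken, long nowEpoch) throws Exception {
        String hash = received.get("hash");
        String authDate = received.get("auth_date");
        if (hash == null || authDate == null || !authDate.matches("\\d{1,18}")) return false;
        boolean match = MessageDigest.isEqual(                      // constant-time comparison
                sign(received, botToken).getBytes(StandardCharsets.UTF_8),
                hash.getBytes(StandardCharsets.UTF_8));
        long age = nowEpoch - Long.parseLong(authDate);
        return match && age >= 0 && age <= MAX_AGE_SECONDS;
    }

    public static void main(String[] args) throws Exception {
        String token = "123456:CONSTRUCTED-TOKEN";                  // constructed, not a real token
        long now = System.currentTimeMillis() / 1000;
        Map<String, String> data = new HashMap<>(Map.of(            // constructed widget payload
                "id", "42", "first_name", "Ada", "last_name", "L", "auth_date", String.valueOf(now - 10)));
        data.put("hash", sign(data, token));
        System.out.println("valid:    " + verify(data, token, now));
        System.out.println("stale:    " + verify(data, token, now + 3600));
        data.put("id", "43");                                       // changed after signing
        System.out.println("tampered: " + verify(data, token, now));
    }
}
```

Pass the verifier the raw parameters exactly as the widget delivered them; renaming or dropping a field before the check changes the signed string and the hash no longer matches.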
Here's a block of anti-crawler code. I don't mind articles being crawled, but please give credit to where they come from.
System.out.println("Author's homepage: /Go-Solo");
System.out.println("Original article address: /Go-Solo/p/18367728");