I’m working on a Telegram bot that opens websites in a webview inside the app. When a user taps a button, it loads a specific URL with added auth data. I want to create these auth params myself, but I’m not sure how.
Here’s what the URL looks like:
https://example.com/#/login?user=abc123&tgWebAppVersion=7.2&linkBot=https://t.me/mybot&tgWebAppData=query_id=xyz789&user={"id":1,"first_name":"John","last_name":"Doe","username":"johnd","language_code":"en","allows_write_to_pm":true}&auth_date=1713881657&hash=somehash&tgWebAppPlatform=weba
The bot only stores the base URL. Telegram adds the auth stuff when the button is clicked.
I’ve checked the docs and found info about URL authorization. I tried using Messages_RequestUrlAuth and Messages_AcceptUrlAuth from a library, but it didn’t work out.
Any ideas on how to generate these auth params manually? Thanks!
I’ve actually dealt with this issue before when building a Telegram bot for a client. The tricky part is that Telegram intentionally handles the auth params to maintain security. Generating them manually isn’t recommended for production use.
That being said, for testing purposes, you can simulate it by creating an HMAC-SHA256 hash. You’ll need to use your bot token as the secret key and concatenate the sorted query parameters. Just remember this won’t be as secure as Telegram’s official process.
One workaround I found useful was to set up a small proxy server that adds the necessary parameters before redirecting to your actual web app. This way, you can keep your main application logic separate from the Telegram-specific authentication handling.
If you’re set on doing it client-side, consider using a library specifically designed for Telegram bot development. They often have built-in methods for handling these auth scenarios more securely.
Generating authentication parameters for Telegram bot webview URLs manually can be tricky. The parameters are typically added by Telegram for security reasons. However, you can simulate this process for testing purposes.
To generate the auth params, you’ll need to create a hash using a secret key (your bot token) and the other parameters. The process involves:
- Collecting the necessary data (user info, query_id, auth_date).
- Sorting the parameters alphabetically.
- Creating a string by concatenating the sorted params.
- Generating an HMAC-SHA-256 hash of this string using your bot token.
Keep in mind that this method is for testing only. In a production environment, you should rely on Telegram’s official authentication process for security reasons. If you’re still having issues, consider reaching out to Telegram’s API support for more specific guidance.
hey mate, auth params manual generation is tricky. telegram already does that.
if u insist, use your bot token as secret & create a hmac hash from sorted query params. not recomended for prod, so be careful.