telegram-webapps-authentication
Advanced tools
This Python package provides an authentication mechanism for Telegram web apps. It implements the algorithm for validating data received from a Telegram web app, ensuring the authenticity and integrity of the data.
This Python package provides an authentication mechanism for Telegram web apps. It implements the algorithm for validating data received from a Telegram web app, ensuring the authenticity and integrity of the data. For detailed information on validating data received via a web app, please refer to the official Telegram documentation.
To use this module, you need to have Python 3.x installed. Install the necessary dependencies using pip:
pip install telegram_webapps_authentication
Here is an example of how to use the Authenticator class with FastAPI:
from typing import Optional
from fastapi import FastAPI, HTTPException, Header, Depends
from pydantic import BaseModel
from telegram_webapps_authentication import Authenticator, TelegramUser
app = FastAPI()
BOT_TOKEN = "YOUR_BOT_TOKEN" # Replace it with your real telegram bot token
authenticator = Authenticator(BOT_TOKEN)
class Message(BaseModel):
text: str
@app.get("/validate")
def validate_init_data(authorization: Optional[str] = Header()):
try:
if authenticator.validate_init_data(authorization):
initial_data = authenticator.get_initial_data(authorization)
return {"message": initial_data.dict()}
else:
raise HTTPException(status_code=400, detail="Data is not valid")
except Exception as e:
raise HTTPException(status_code=400, detail=str(e))
@app.get("/get_user")
def get_user_instance(authorization: Optional[str] = Header()):
user = authenticator.get_telegram_user(authorization)
return user
@app.post("/message")
async def send_message(
message: Message,
user: TelegramUser = Depends(authenticator.get_telegram_user),
):
"""
Your backend logic
"""
...
TelegramUserRepresents a Telegram user.
id (int): User ID.first_name (str): User's first name.last_name (str): User's last name.username (str): User's username.language_code (str): User's language code.InitialDataRepresents the initial data received from Telegram.
query_id (str): Unique query ID.user (TelegramUser): User information.auth_date (str): Authentication date.hash (str): Hash for data validation.Authenticator ClassThe Authenticator class provides methods for handling and validating the initial data from Telegram.
__init__(self, bot_token: str)Initializes the Authenticator with a bot token.
bot_token (str): Token for the Telegram bot.initial_data_parse(self, init_data: str) -> Dict[str, Any]Parses the initial data from a query string format into a dictionary.
init_data (str): Initial data in query string format.Dict[str, Any]: Parsed data as a dictionary.ValueError: If any required keys are missing in the data.initial_data_prepare(self, init_data_dict: Dict[str, Any]) -> strPrepares the cleaned data string by excluding the 'hash' key and sorting the remaining key-value pairs.
init_data_dict (Dict[str, Any]): Dictionary of initial data.str: Prepared data string.ValueError: If init_data_dict is empty or if no data is available after excluding the 'hash' key.TypeError: If any value is not a string.extract_user_data(self, init_data: str) -> Dict[str, str]Extracts user-specific data from the initial data.
init_data (str): Initial data in query string format.Dict[str, str]: Extracted user data.ValueError: If 'user' key is missing in initial data or if user data is not valid JSON.validate_init_data(self, init_data: str) -> boolValidates the initial data by comparing the provided hash with the computed hash.
init_data (str): Initial data in query string format.bool: True if the data is valid, False otherwise.ValueError: If 'hash' key is not found in init_data.get_telegram_user(self, init_data: str) -> TelegramUserExtracts and returns a TelegramUser object from the initial data.
init_data (str): Initial data in query string format.TelegramUser: Extracted Telegram user information.ValueError: If init_data is not valid.get_initial_data(self, init_data: str) -> InitialDataExtracts and returns an InitialData object from the initial data.
init_data (str): Initial data in query string format.InitialData: Extracted initial data information.ValueError: If init_data is not valid.encode_init_data(self, data: str) -> strEncodes initial data to base64 format.
data (str): Data to be encoded.str: Base64 encoded data.decode_init_data(self, encoded_data: str) -> strDecodes initial data from base64 format.
encoded_data (str): Base64 encoded data.str: Decoded data.FAQs
This Python package provides an authentication mechanism for Telegram web apps. It implements the algorithm for validating data received from a Telegram web app, ensuring the authenticity and integrity of the data.
We found that telegram-webapps-authentication demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Application Security
/Security News
Socket CEO Feross Aboukhadijeh and a16z partner Joel de la Garza discuss vibe coding, AI-driven software development, and how the rise of LLMs, despite their risks, still points toward a more secure and innovative future.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.