How do I get authentication in a telegram bot?

python authentication telegram telegram-bot
Kim Stacks picture Kim Stacks · Jun 25, 2015 · Viewed 38.8k times · Source

Telegram Bots are ready now.

If we use the analogy of web browser and websites, the telegram client applications are like the browser clients.

The Telegram Chatrooms are like websites.

Suppose we have some information we only want to restrict to certain users, on the websites, we will have authentication.

How do we achieve the same effect on the Telegram Bots?

I was told that I can use deep linking. See description here

I will reproduce it below:

  1. Create a bot with a suitable username, e.g. @ExampleComBot
  2. Set up a webhook for incoming messages
  3. Generate a random string of a sufficient length, e.g. $memcache_key = "vCH1vGWJxfSeofSAs0K5PA"
  4. Put the value 123 with the key $memcache_key into Memcache for 3600 seconds (one hour)
  5. Show our user the button https://telegram.me/ExampleComBot?start=vCH1vGWJxfSeofSAs0K5PA
  6. Configure the webhook processor to query Memcached with the parameter that is passed in incoming messages beginning with /start. If the key exists, record the chat_id passed to the webhook as telegram_chat_id for the user 123. Remove the key from Memcache.
  7. Now when we want to send a notification to the user 123, check if they have the field telegram_chat_id. If yes, use the sendMessage method in the Bot API to send them a message in Telegram.

I know how to do step 1.

I want to understand the rest.

This is the image I have in mind when I try to decipher step 2.

Enter image description here

So the various telegram clients communicate with the Telegram Server when talking to ExampleBot on their applications. The communication is two-way.

Step 2 suggests that the Telegram Server will update the ExampleBot Server via a webhook. A webhook is just a URL.

So far, am I correct?

What's the next step towards using this for authentication?

Answer

Pete picture Pete · Jul 3, 2015

Update: I created a GitHub repository with a very simple PHP application to illustrate the concept explained below:

https://github.com/pevdh/telegram-auth-example

Whether you use a webhook or not is irrelevant. The "deep linking" explained:

  1. Let the user log in on an actual website with actual username-password authentication.
  2. Generate a unique hashcode (we will call it unique_code)
  3. Save unique_code->username to a database or key-value storage.
  4. Show the user the URL https://telegram.me/YOURBOTNAME?start=unique_code
  5. Now as soon as the user opens this URL in Telegram and presses 'Start', your bot will receive a text message containing '/start unique_code', where unique_code is of course replaced by the actual hashcode.
  6. Let the bot retrieve the username by querying the database or key-value storage for unique_code.
  7. Save chat_id->username to a database or key-value storage.

Now when your bot receives another message, it can query message.chat.id in the database to check if the message is from this specific user. (And handle accordingly)

Some code (using pyTelegramBotAPI):

import telebot
import time

bot = telebot.TeleBot('TOKEN')

def extract_unique_code(text):
    # Extracts the unique_code from the sent /start command.
    return text.split()[1] if len(text.split()) > 1 else None

def in_storage(unique_code): 
    # Should check if a unique code exists in storage
    return True

def get_username_from_storage(unique_code): 
    # Does a query to the storage, retrieving the associated username
    # Should be replaced by a real database-lookup.
    return "ABC" if in_storage(unique_code) else None

def save_chat_id(chat_id, username):
    # Save the chat_id->username to storage
    # Should be replaced by a real database query.
    pass

@bot.message_handler(commands=['start'])
def send_welcome(message):
    unique_code = extract_unique_code(message.text)
    if unique_code: # if the '/start' command contains a unique_code
        username = get_username_from_storage(unique_code)
        if username: # if the username exists in our database
            save_chat_id(message.chat.id, username)
            reply = "Hello {0}, how are you?".format(username)
        else:
            reply = "I have no clue who you are..."
    else:
        reply = "Please visit me via a provided URL from the website."
    bot.reply_to(message, reply)

bot.polling()

while True:
    time.sleep(0)

Note: the unique_code will not be shown as '/start unique_code', only '/start', in the Telegram client, but your bot will still receive '/start unique_code'.

Related questions

How to check if a user is logged in (how to properly use user.is_authenticated)?

I am looking over this website but just can't seem to figure out how to do this as it's not working. I need to check if the current site user is logged in (authenticated), and am trying: request.user.is_…

Read More
How to use pip on windows behind an authenticating proxy

My computer is running windows behind a proxy on a windows server (using active directory), and I can't figure out how to get through it with pip (in python3). I have tried using --proxy, but it still just timeouts. I …

Read More
python request with authentication (access_token)

I am trying to get an API query into python. The command line curl --header "Authorization:access_token myToken" https://website.com/id gives some json output. myToken is a hexadecimal variable that remains constant throughout. I would like to …

Read More