The only documented way to use Telegram 3-rd party authorization is to use their script that is being provided at https://core.telegram.org/widgets/login
This script (as I digged) works in pretty strange way
- It renders “Log in with Telegram” button inside the
iframewith another extra
scriptthat loads some Telegram entities to work with (like
TAudio(???) and some others).
- By clicking on button, this
iframeopens new window that is performing authorization.
- After authorization is being completed, this window is being closed, and since it’s done, the
iframechecks the authorization again. If it’s done in right way, the
iframeretrieves all shared user info and dependent on type of authorization end calls
data-onauthor sends request to
This behaviour is really unusable for me, because we are also using Google , Github and Facebook OAuths nearby, and all of them are providing the normal usable API to open authorization windows manually and do redirects to specified url.
I mean, that’s how our, for example, Google authorization works:
- User clicks on button that is created on our own, customized to match our application style.
- On click, our application creates new window with url
- Our server catches this and redirects to Google OAuth consent screen.
- After Google authorization is being completed, it redirects user to another
- Server retrieves all necessary information, and redirects window to
/some/path/to/success_authorizationthat has script with
window.postMessageto parent window with authorization info.
- Parent window (application window) catches this message, closes window and fills storage with given user data.
And thats done. Since opened window is being opened by application, it can be controlled and closed when it’s not in use (e.g. when another auth window is being opened, or when the application tab is being closed).
What is unsuitable in telegram “Log in with telegram” button is:
- No possibility to stylize button to match application style
- No possibility to change content of the button (in our case it is necessary, because our application is multilanguage).
- No possibility to control opened window (it is being opened even if the main window is closed)
For now I can open a window with Telegram OAuth screen using
// some code above this.popup = window.open("https://oauth.telegram.org/auth?bot_id=<my_bot_id>&origin=http%3A%2F%2F<mydevorigin>&request_access=write, "authWindow", <some window params>) // some code below
But since authorization is being completed, I cannot set anything to let server know that it should retrieve user data and redirect to my page with
Is there any way to achieve Telegram authorization without their “Login with Telegram” button? Any help is highly appreciated.