Telegram as an Authentication Provider

[jsjoeio]

Description 📓

As a user of next-auth, I would like to be able to use Telegram as an authentication provider.

Links from Telegram

• User Authorization
• Telegram Login Widget
• Telegram Login for Websites

Note: not sure how difficult it would be to implement this, but with some guidance/suggestions, I might be able to do it myself as a contribution.

How to reproduce ☕️

N/A - not a bug to reproduce

Contributing 🙌🏽

Yes, I am willing to help implement this feature in a PR

[ndom91]

The Telegram auth isn't a classic OAuth implementation. However, you could use the credentials provider to implement a custom telegram provider. As there are no username/password provided here it would be a bit trickier to get this working.

From their docs you've linked, it looks like you setup a Telegram bot for your app / company. The user clicks "login" and enters their telegram number, the bot sends them a confirmation code which they then enter in the login widget.

You would have to replace the nextauth credentials login fields with the telegram login widget through a custom nextauth sign-in page, then in the authorize callback of the credentials provider, do the comparison of the returned telegram hash and the sha256 of the bot's secret key, see checking authorization in their login widget page you linked. If they match, auhtorization was successful and you can return the telegram user details object from the authorize callback.

Just thinking out loud here - the widget takes an argument, data-auth-url which is a callback URL telegram will forward to with all the users info attached as query params, maybe define a nextauth callback URL here and do some of the other verification work in one of the callback handlers (https://docs-nextauthjs.vercel.app/configuration/callbacks#sign-in-callback) ?

Unforuntately this is an extremely custom provider that we can't help much further with at the moment.

NextAuth credentials provider details: https://docs-nextauthjs.vercel.app/providers/credentials
Telegram PHP login example: https://gist.github.com/anonymous/6516521b1fb3b464534fbc30ea3573c2

[jsjoeio]

Wow, thanks for thinking out loud on that @ndom91!

So in summary, sounds like it's possible but will look different than other implementations.

And thank you for linking the examples. That should suffice I think. Thanks so much!

[stale]

Hi there! It looks like this issue hasn't had any activity for a while. It will be closed if no further activity occurs. If you think your issue is still relevant, feel free to comment on it to keep it open. (Read more at #912) Thanks!

[ziedHamdi]

I think there's a lot of peuple joining telegram, not providing a default implementation will lead to many custom non-working solutions, leading to a lot of issue signalling. I'd like to implement this, because I'm planning to use some features of their lib, but I think I'll struggle to notify the nextauth lib that the user logged in through telegram. I think there are a lot of other people out there with that need. Is there a way to ask how many would be interested in having this feature?

[NayamAmarshe]

I'd love to have this feature! Telegram has become my daily app and it'd be amazing to have Telegram authentication on websites.

[ndom91]

We recognize that there is probably a large amount of demand for something like this, however, Telegram doesn't seem to provide a standard OAuth type of login.

This means that adding its entirely custom login behavior to NextAuth.js is a rather large undertaking. If you'd like to give it a shot, we'd happily look at a PR, but we will not be pursuing this ourselves any time soon.

[Dax911]

Currently bashing my head on this as it is a core part of the specs I need to meet would have loved to use my go-to toolchain in this case. If I come up with something significant I will attach a PR. Very helpful thread tho thank you.

[flschweiger]

I would love to see more websites offering Login with Telegram, too! @passsy and I have implemented the custom login flow a few times for smaller side projects but it would be really nice to have a simple 'drop-in' solution. Especially that you can send the authenticated user notifications through Telegram makes it a really cool alternative to other providers.

I've submitted a feature request on Telegram's Bugs and Suggestions page, feel free to Login with Telegram 😆 and upvote the issue here: https://bugs.telegram.org/c/23608

[manzoorwanijk]

Here is an example using credentials provider, using a custom signing page

https://github.com/manzoorwanijk/telegram-auth/tree/main/examples/next-auth

[ziedHamdi]

Here is an example using credentials provider, using a custom signing page

https://github.com/manzoorwanijk/telegram-auth/tree/main/examples/next-auth

Thanks for sharing, I hadn't the energy to dig into lib internals. You made my day with this :-)

[TeaByte]

Here is an example using credentials provider, using a custom signing page

https://github.com/manzoorwanijk/telegram-auth/tree/main/examples/next-auth

i remade it with app router and server components and added prismaJS

https://github.com/TeaByte/telegram-auth-nextjs

[rashdeva]

Here is an example using credentials provider, using a custom signing page
https://github.com/manzoorwanijk/telegram-auth/tree/main/examples/next-auth

i remade it with app router and server components and added prismaJS

https://github.com/TeaByte/telegram-auth-nextjs

thank you very much!

[sysadminpower2019]

hello, was anyone able to get this implemented? i am looking to port this level of telegram authentication for user managemet to several other open source platforms.

[Akuna444]

Use the following code for nextjs app router https://github.com/TeaByte/telegram-auth-nextjs

[Dax911]

+1 thank you

[parmetra]

i remade it with app router and server components and added prismaJS

https://github.com/TeaByte/telegram-auth-nextjs

Hello! Could you please tell me if there will be a Telegram authorization example for version next-auth ^5?