New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Commands: only /start available to pass argument? #162

Closed
evasyuk opened this Issue Sep 16, 2016 · 4 comments

Comments

2 participants
@evasyuk

evasyuk commented Sep 16, 2016

Could I pass arguments to different command?
If it is not possible, how can I authenticate user and authorize him at 3rd party service via oAuth2?
For example, check out: Youtube bot or Github.
I also noticed that they redirect to https://integrations.telegram.me, but I still can't understand how exactly they authenticate user as far as oAuth2 doesn't contain any info about user who grants permission

I need to authorize user at 3rd party services. For example, Google calendar.
So, I decided to create simple URI that redirects to Service Sign In and redirect URL to my server with token\authCode.
As far as oauth does not authenticate user, I still need somehow identify who exactly granted access to his resources.
So my next logical step was to hash received token and send it back to user via https://telegram.me/BOT?code=xxx
I was convinced that if there is commandHandler for /code and /code is in the bot commands list I would be able to open conversation with my bot and sent this hashed code via webhook back to my server in order to detect who exactly it was at access grant step.
I was shocked when I found that my plan was ruined at the last step: as far as I can see there is only /start command could be triggerred.
My question is: can you confirm that only /start command could query parameters via URL? if so, could you give me some advise about the right way of authorizing and authenticationg user?

@nickoala

This comment has been minimized.

Show comment
Hide comment
@nickoala

nickoala Sep 18, 2016

Owner

Well, I don't fully understand your situation. What I can say is:

  1. There is nothing that stops the user from typing /code param1 param2, so there is a way to pass parameters, even though it requires the user actively typing. Downside is you can't just tap on the command.
  2. Have you looked into deep linking?
Owner

nickoala commented Sep 18, 2016

Well, I don't fully understand your situation. What I can say is:

  1. There is nothing that stops the user from typing /code param1 param2, so there is a way to pass parameters, even though it requires the user actively typing. Downside is you can't just tap on the command.
  2. Have you looked into deep linking?
@evasyuk

This comment has been minimized.

Show comment
Hide comment
@evasyuk

evasyuk Sep 18, 2016

@nickoala
Yes, I've looked into provided examples and here is what I found:
case described in your example is about situation when you want want to identify user in Telegram, so it means you already have user base with credentials.
My case is about user identification from Telegram
which means that I do not have user in my data base yet, but I really want to have him.
So, I inspired by example and explanation about unique hash for user created sequence of actions that allows me to get information about user from 3rd party services via oAuth authorisation.
The biggest problem in this scheme is to identify who exactly granted permission to access his data.
There were 2 main approaches to do that:
first one was about creating dynamic authorization with unique redirection URL fragment, but it in the end I found that I'd missed explanation that redirect URI has to be unique(no fragments, no relative paths)
the second one was about to make redirection to my bot with custom command which would query hashed authorization result. After hashed authorization result passes through webhook back to my server I could identify user with real authorization result.
So, as you can see it is not possible to implement oauth authorization like it done with https://telegram.me/youtube
It seems that the only way to use oauth with telegram is /start command with further parameter parsing, but from the end-user perspective it is quite weird to press "start" button in the middle of the conversation

So, you can pass arguments to your bot using URL like this: https://telegram.me/bod?start=parameter (even if it looks odd in the middle of conversation)
but you can not pass arguments to your bot using URL like this: https://telegram.me/bod?not_a_start_code=parameter

evasyuk commented Sep 18, 2016

@nickoala
Yes, I've looked into provided examples and here is what I found:
case described in your example is about situation when you want want to identify user in Telegram, so it means you already have user base with credentials.
My case is about user identification from Telegram
which means that I do not have user in my data base yet, but I really want to have him.
So, I inspired by example and explanation about unique hash for user created sequence of actions that allows me to get information about user from 3rd party services via oAuth authorisation.
The biggest problem in this scheme is to identify who exactly granted permission to access his data.
There were 2 main approaches to do that:
first one was about creating dynamic authorization with unique redirection URL fragment, but it in the end I found that I'd missed explanation that redirect URI has to be unique(no fragments, no relative paths)
the second one was about to make redirection to my bot with custom command which would query hashed authorization result. After hashed authorization result passes through webhook back to my server I could identify user with real authorization result.
So, as you can see it is not possible to implement oauth authorization like it done with https://telegram.me/youtube
It seems that the only way to use oauth with telegram is /start command with further parameter parsing, but from the end-user perspective it is quite weird to press "start" button in the middle of the conversation

So, you can pass arguments to your bot using URL like this: https://telegram.me/bod?start=parameter (even if it looks odd in the middle of conversation)
but you can not pass arguments to your bot using URL like this: https://telegram.me/bod?not_a_start_code=parameter

@nickoala

This comment has been minimized.

Show comment
Hide comment
@nickoala

nickoala Sep 19, 2016

Owner

Cool. I am happy you found a solution to your problem!

Owner

nickoala commented Sep 19, 2016

Cool. I am happy you found a solution to your problem!

@evasyuk evasyuk closed this Sep 19, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment