3

I'd like to set up a authentication through telegram using it's deep linking api.

In order to authenticate, in my app I ask users to click on a link like:

https://telegram.me/myloginbot?start=somesecretkey

If I understand the docs correctly, I should expect the bot to echo back somesecretky to my server.

Now, this step of the docs is unclear to me:

  1. Configure the webhook processor to query Memcached with the parameter that is passed in incoming messages beginning with /start

If I understand correctly, I need to configure myloginbot so that when the user clicks start button on the bot's page, the bot echos back to my server a url containing somesecretkey and some user info. But I don't know how to do so.

In this answer, it is suggested that:

  1. Let the bot retrieve the username by querying the database or key-value storage for unique_code.

But I don't know how can I make the bot query the (presumably remote) database.

So really appreciate your hints.

Community
  • 1
  • 1
ultrax
  • 105
  • 2
  • 11

1 Answers1

9

My understanding to deep linking is this:

  1. You have a database of users. Each user has an ID. Suppose you want your Telegram bot to communicate with user 123. But you don't know his Telegram chat_id (which the bot needs in order to send messages to him). How do you "entice" him to talk to the bot, thus revealing his chat_id? You put a link on a web page.

  2. But the link has to be "personalized". You want each user to press on a slightly different link, in order to distinguish them. One way to do that is to embed user ID in the link. However, user IDs are not something you want to expose, so you generate a (temporary) key associated with each user ID, and embed that key in the link. For example, user 123 has the key abcde. His personalized link will be:

    https://telegram.me/myloginbot?start=abcde

  3. Someone clicks on the link, and is led to a conversation with your bot. At the same time (or when he presses the START button), your bot will receive a message:

    /start abcde

  4. On receiving that message, the bot sees that abcde is associated with user 123. Telegram chat_id can also be extracted from the message. Now, the bot knows user 123's chat_id, and can send him messages afterwards.

To experiment with deep linking, you need a bot that can handle /start messages, supported by a "datastore" that remembers the key-ID associations. When Telegram docs say "memcache", they just mean something that stores the key-ID associations. For an experiment, it may be as simple as a dictionary, or an associative array. In real life, it may be Memcached (the memory caching software), or a database table.

If you use Python, I recommend taking a look at telepot, a Python framework for Telegram Bot API. It does not do deep linking per se, but it does help you in receiving messages for a bot, and other bot operations in general. I also have an example there demonstrating how to output a personalized link, set up a webhook, and parse the incoming /start command with the key.

Nick Lee
  • 5,639
  • 3
  • 27
  • 35
  • Thanks for your informative explanation Nick. Actually my difficulty is at step 4 when `the bot sees that abcde is associated with user 123`. I assume this process should happen on my server right? My core problem is to get back the abcde from telegram bot into my server so that I can extract chat_id from it. btw, I'm using django so prefer to do that in pure python and not rely on external libraries. – ultrax Jan 31 '16 at 18:34
  • I have just tested deep linking, confirming my understanding is correct (and edited the answer above accordingly). I have also added an example there. Please visit the link mentioned above. – Nick Lee Feb 01 '16 at 11:19
  • To receive the `/start` message, you have to set up a webhook by calling [the `setWebhook` method](https://core.telegram.org/bots/api#setwebhook) on Bot API. – Nick Lee Feb 01 '16 at 11:21
  • Would you please give me an example on how to use setwebhook for this purpose? – ultrax Feb 02 '16 at 01:17
  • Well, an example of how to `setWebhook` is in the example link I have given above (last paragraph of my answer). Just follow the link, look at my code, and look for `setWebhook` there. If, as you have mentioned, you don't want to rely on any external library, then you'll have to learn about Telegram Bot API and programmatically make an HTTP request to it. To make HTTP requests from Python, you may use the [Requests](http://docs.python-requests.org/en/latest/) package. – Nick Lee Feb 02 '16 at 06:15
  • Nick, I tried the `Webhook + Flask + Deep linking` code but ti does not post `ghijk` on telegram channel, when I click `start` button. Nor does it seem to returen the value to the bot. It is not surprising because I don't see any ssl key/cert being set. I guess your code need some modification. Really appreciate a complete working example. – ultrax Feb 08 '16 at 12:07
  • The deep linking examples use webhook, and if you read the webhook [documentations](https://github.com/nickoala/telepot#webhook-interface) carefully, I explicitly state that "you will have to set up the webhook URL, SSL certificate, and web server on your own". So you are correct, there is no SSL cert included in the examples. If I am not mistaken, your above comments suggest that you already have a domain name and a web server set up. It is not too big a step to set up your own SSL certificate, right? – Nick Lee Feb 09 '16 at 15:49
  • One more hint: to run the deep-linking example, you will have to supply the webhook URL, which is: /abc – Nick Lee Feb 09 '16 at 15:52
  • You said you are using Django. I don't see why you cannot mix Django and telepot. To set up the webhook URL, you only need two lines of Python: `bot = telepot.Bot('TOKEN')` and `bot.setWebhook('URL')`. If you are lazy, you may even execute these two lines in the Python interpreter, no script needed. Then, remember to modify your `urls.py` to route the webhook URL to the correct view. – Nick Lee Feb 09 '16 at 16:00