Telegram bot - OAuth authorization

醉酒成梦 2021-02-01 07:53

I want to implement OAuth authorization by Twitch API on my bot, and when I was looking for a better solution, I found this @GitHubBot. In this bot redirect URL starting for int

2 answers
  •  无人及你
    2021-02-01 08:31

    I solved this with Telegram deep linking and AWS API Gateway service.

    The authentication scenario is like this:

    1. The bot tells the user to open a link to the service and sign in
    2. The service redirects to the URL that you set up, i.e. sends a request to that URL with an OAuth code in it as a code parameter

    You need to receive that code in your bot, but you cannot just redirect to your bot's URL, because the only parameter it accepts is start. This is well described in @evasyuk's answer.

    My solution is to set up an AWS API Gateway endpoint that will receive the callback with the auth code from the service and redirect it to your bot's link with the start parameter. Here are the basic steps to do that.

    I assume that you have an AWS account, but if not, it's easy to create and you can use this solution for a year absolutely free:

    The API Gateway free tier includes one million API calls per month for up to 12 months.

    1. Head to the console to create a new API Gateway. You can create a new one and follow the steps, or you can import the Swagger definition (don't forget to change the bot URL!):

      ---
      swagger: "2.0"
      info:
        version: "2017-02-25T14:22:32Z"
        title: "BotAuthRedirect"
      schemes:
      - "https"
      paths:
        /:
          x-amazon-apigateway-any-method:
            produces:
            - "text/html"
            parameters:
            - name: "code"
              in: "query"
              required: false
              type: "string"
            responses:
              200:
                description: "200 response"
                schema:
                  $ref: "#/definitions/Empty"
            x-amazon-apigateway-integration:
              type: "http"
              httpMethod: "GET"
              passthroughBehavior: "when_no_match"
              responses:
                default:
                  statusCode: "200"
              requestParameters:
                # This is where we map `code` query parameter to `start`
                integration.request.querystring.start: "method.request.querystring.code"
              # Don't forget to change your bot's username:
              uri: "https://telegram.me/my_bot"
      definitions:
        Empty:
          type: "object"
          title: "Empty Schema"
      
    2. Press Actions > Deploy API, make some stage name, it doesn't matter

    3. You will get a link for your newly created endpoint, something like

      https://.execute-api..amazonaws.com/
      

      For example

      https://abcdefghij.execute-api.eu-central-1.amazonaws.com/auth
      

    You are ready to go. Now you can program your bot to give users a link to the service authorization, say

    https://some.service.com/auth?response_type=code&client_id=&redirect_uri=https://abcdefghij.execute-api.eu-central-1.amazonaws.com
    

    Once a user has followed it and signed in, he will be sent to

    https://abcdefghij.execute-api.eu-central-1.amazonaws.com/auth?code=
    

    which will get redirected to

    https://telegram.me/my_bot?start=
    

    and normally the user will get back to his Telegram app, where he is offered to press the Start button. Once he does, the bot will receive a message /start (but the code won't appear in the chat history). Your bot can save this code and use it for user authentication (getting tokens).
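
One way for the bot to handle the `/start` message described in the answer above, as an added example that is not part of the original answer: the payload is accepted only if it fits Telegram's deep-link rules for `start` (A-Z, a-z, 0-9, `_` and `-`, up to 64 characters) and only once per sign-in link the bot actually sent to that user. The names `begin_auth`, `extract_code`, `pending` and the 10-minute lifetime are assumptions made for the example.

```python
import re
import time

# Telegram deep links allow only these characters in `start`, up to 64 of them.
START_PAYLOAD = re.compile(r"[A-Za-z0-9_-]{1,64}")
PENDING_TTL = 600  # assumed: seconds a sign-in link stays valid

# Hypothetical in-memory store: user_id -> time the bot sent the sign-in link.
pending = {}


def begin_auth(user_id, now=None):
    """Record that the bot has just sent `user_id` the authorization link."""
    pending[user_id] = time.time() if now is None else now


def extract_code(user_id, text, now=None):
    """Return the OAuth code from a '/start <payload>' message, or None.

    Rejects a bare /start, payloads outside the deep-link alphabet, users
    who were never sent a sign-in link, and expired or reused attempts.
    """
    now = time.time() if now is None else now
    parts = text.split(maxsplit=1)
    # Commands may arrive as "/start@my_bot"; compare the command name only.
    if len(parts) != 2 or parts[0].split("@")[0] != "/start":
        return None
    payload = parts[1].strip()
    if not START_PAYLOAD.fullmatch(payload):
        return None
    started = pending.pop(user_id, None)  # single use: consume the attempt
    if started is None or now - started > PENDING_TTL:
        return None
    return payload  # exchange this for tokens at the service's token endpoint
```

An authorization code that is longer than 64 characters or uses other characters cannot be carried in `start` as-is, so check the format of the codes your service issues.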
