Last active
December 1, 2023 11:04
-
-
Save guid-empty/39e77ba07c1983a63632e1eae7aa800e to your computer and use it in GitHub Desktop.
Checking authorization data hash for Telegram Login widget or Redirecting by LoginUrl from inline button keyboard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/// see more details here | |
/// https://core.telegram.org/widgets/login#checking-authorization | |
import 'package:crypto/crypto.dart'; //. https://pub.dev/packages/crypto | |
static const String botToken = | |
'XXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; | |
bool checkTelegramRegistrationData({ | |
required final String id, | |
required final String firstName, | |
required final String lastName, | |
required final String userName, | |
required final String photoUrl, | |
required final String authDate, | |
required final String hash, | |
}) { | |
final fields = <String, String?>{ | |
'id': id, | |
'first_name': firstName, | |
'last_name': lastName, | |
'username': userName, | |
'photo_url': photoUrl, | |
'auth_date': authDate, | |
}; | |
final fieldsString = Map.fromEntries( | |
fields.entries.where((e) => e.value != null).toList() | |
..sort( | |
(e1, e2) => e1.key.compareTo(e2.key), | |
), | |
).entries.map((e) => '${e.key}=${e.value}').join('\n'); | |
final secretKey = sha256.convert(utf8.encode(botToken)); | |
final hmacSha256 = Hmac(sha256, secretKey.bytes); | |
final calculatedHash = hmacSha256.convert(utf8.encode(fieldsString)); | |
return calculatedHash.toString() == hash; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
start