Skip to content

Instantly share code, notes, and snippets.

@leekeifuture

leekeifuture/CheckTelegramAuthorizationData.java

Created July 7, 2020 08:54
Show Gist options
  • Save leekeifuture/0059e0fefc3ab19dda3ac2a220f564fb to your computer and use it in GitHub Desktop.
Save leekeifuture/0059e0fefc3ab19dda3ac2a220f564fb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CheckTelegramAuthorizationData.java
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.HmacUtils;
private Boolean isTelegramAccountDataRight(
String telegramAccountData, // data check string
String telegramBotToken // bot token
) {
byte[] data = telegramAccountData.toString().getBytes();
byte[] secret = DigestUtils.sha256(telegramBotToken);
String hashParam = telegramAccount.getHash();
String hash = HmacUtils.hmacSha256Hex(secret, data);
return hash.equals(hashParam);
}
@torsondev
Copy link

Thank you very much!

Just want to help others:
Data-check-string (telegramAccountData in this gist) must NOT include 'hash' param and 'photo_url' must be present only if it came in request (dont try to add 'photo_url=' if it was null or not present).

Examples:

auth_date=1597258354
first_name=Алексей
id=266125388
last_name=Торсон
photo_url=https://t.me/i/userpic/320/On9174mSgR1BvrskpajvHyO2dV7uTGaOSTVfTAT5UMs.jpg
username=torson_bet

auth_date=1597258354
first_name=Алексей
id=266125388
last_name=Торсон
username=torson_bet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment