Document Telegram first-class auth
This commit is contained in:
43
Taskmaster/Tasks/task-5-10.md
Normal file
43
Taskmaster/Tasks/task-5-10.md
Normal file
@@ -0,0 +1,43 @@
|
||||
---
|
||||
taskmaster_id: "5.10"
|
||||
status: "done"
|
||||
priority: "high"
|
||||
depends_on: ["5.2", "5.8"]
|
||||
parent_id: "5"
|
||||
source: "taskmaster"
|
||||
generated_at: "2026-05-24T09:18:26.638Z"
|
||||
completed_at: "2026-05-24"
|
||||
---
|
||||
|
||||
# 5.10 - Implement Telegram as first-class authentication provider
|
||||
|
||||
- [x] 5.10 - Implement Telegram as first-class authentication provider #taskmaster #priority/high #status/done ⏫ 🆔 tm-5.10
|
||||
|
||||
## Metadata
|
||||
|
||||
| Field | Value |
|
||||
| --- | --- |
|
||||
| Taskmaster ID | 5.10 |
|
||||
| Status | done |
|
||||
| Priority | high |
|
||||
| Dependencies | 5.2, 5.8 |
|
||||
| Parent | 5 |
|
||||
|
||||
## Description
|
||||
|
||||
Add `POST /api/auth/telegram` and frontend login flow so users can authenticate with Amanat using only Telegram identity, without email or password.
|
||||
|
||||
## Details
|
||||
|
||||
Backend verifies Telegram Mini App `initData` and Telegram Login Widget payloads, checks/reuses `TelegramLink`, auto-provisions Telegram-only users with nullable email, `authProvider: "telegram"`, and `telegramVerified: true`, and returns the normal JWT/refresh-token pair plus `isNewUser`.
|
||||
|
||||
Frontend auto-authenticates Telegram Mini App launches from raw signed `initData`, adds a Telegram login action, and shows a lightweight onboarding dialog for new Telegram users.
|
||||
|
||||
## Verification
|
||||
|
||||
- Backend typecheck passed.
|
||||
- Backend targeted Jest passed: `__tests__/telegram-auth.test.ts`, `__tests__/telegram-service.test.ts`.
|
||||
- Frontend targeted Jest passed: `__tests__/auth/telegram-auth-action.test.ts`, `__tests__/sections/telegram/telegram-mini-app-shell.test.tsx`.
|
||||
- Full frontend typecheck still has unrelated pre-existing payment UI errors outside this task.
|
||||
|
||||
See [[Task 5.10 Telegram First-Class Authentication]] for the audit report.
|
||||
Reference in New Issue
Block a user