--- taskmaster_id: "5.10" status: "done" priority: "high" depends_on: ["5.2", "5.8"] parent_id: "5" source: "taskmaster" generated_at: "2026-05-24T09:18:26.638Z" completed_at: "2026-05-24" --- # 5.10 - Implement Telegram as first-class authentication provider - [x] 5.10 - Implement Telegram as first-class authentication provider #taskmaster #priority/high #status/done ⏫ 🆔 tm-5.10 ## Metadata | Field | Value | | --- | --- | | Taskmaster ID | 5.10 | | Status | done | | Priority | high | | Dependencies | 5.2, 5.8 | | Parent | 5 | ## Description Add `POST /api/auth/telegram` and frontend login flow so users can authenticate with Amanat using only Telegram identity, without email or password. ## Details Backend verifies Telegram Mini App `initData` and Telegram Login Widget payloads, checks/reuses `TelegramLink`, auto-provisions Telegram-only users with nullable email, `authProvider: "telegram"`, and `telegramVerified: true`, and returns the normal JWT/refresh-token pair plus `isNewUser`. Frontend auto-authenticates Telegram Mini App launches from raw signed `initData`, adds a Telegram login action, and shows a lightweight onboarding dialog for new Telegram users. ## Verification - Backend typecheck passed. - Backend targeted Jest passed: `__tests__/telegram-auth.test.ts`, `__tests__/telegram-service.test.ts`. - Frontend targeted Jest passed: `__tests__/auth/telegram-auth-action.test.ts`, `__tests__/sections/telegram/telegram-mini-app-shell.test.tsx`. - Full frontend typecheck still has unrelated pre-existing payment UI errors outside this task. See [[Task 5.10 Telegram First-Class Authentication]] for the audit report.