Sign in with Telegram
This integration is community-maintained, not part of Ory's officially supported social sign-in providers. Reference implementation: ory/integrates/social-sign-in/telegram. Contributions welcome.
Telegram Login Widget is Telegram's authentication mechanism. It is a client-side widget that returns a signed payload identifying the Telegram user. It is common in crypto, gaming, and chat-adjacent products whose audiences are already on Telegram.
Telegram's flow is not OAuth 2.0 or OIDC. It is a custom widget that POSTs a hash-signed payload (id, first_name, username, photo_url, auth_date, hash) to your site. The integration point is your application code calling the Ory Identities Admin API, not a social sign-in provider.
Setup pattern
- Register a bot with @BotFather and set the domain to where the widget will render.
- Embed the widget. It POSTs the signed payload to your endpoint.
- Your endpoint verifies the HMAC-SHA256 hash against the bot token, then creates or looks up the Ory identity via the Ory Identities Admin API (keyed by Telegram user ID) and mints an Ory session.
Things to know
- Telegram's signed payload is short-lived, so reject any auth_date older than 86400 seconds.
- Telegram does not release phone numbers. It returns only id, first_name, optional last_name, username, and photo_url.
- Telegram Mini Apps use a different initData flow. See the Mini Apps docs.
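
The hash verification step from the setup pattern, combined with the auth_date freshness rule, as an added example (not code from Ory or its reference implementation). It follows Telegram's documented Login Widget check, where the HMAC key is the SHA-256 digest of the bot token and the signed string is every field except hash, sorted by key. The function names, the placeholder bot token, the sample payload, and the 60-second clock-skew tolerance are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 86400   # freshness window given on this page
CLOCK_SKEW_SECONDS = 60   # assumption: tolerance for a slightly future auth_date


def compute_hash(fields, bot_token):
    """Hex HMAC-SHA256 over the data-check-string, keyed with SHA-256(bot_token)."""
    # Every field except "hash", as key=value, sorted by key, joined with "\n".
    data_check = "\n".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "hash")
    secret = hashlib.sha256(bot_token.encode()).digest()
    return hmac.new(secret, data_check.encode(), hashlib.sha256).hexdigest()


def verify_telegram_login(payload, bot_token, now=None):
    """Return the Telegram user ID as a string, or None if the payload is rejected."""
    fields = {str(k): str(v) for k, v in payload.items()}
    expected = compute_hash(fields, bot_token)
    received = fields.get("hash", "")
    # Constant-time comparison on bytes, so a non-ASCII "hash" cannot raise.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    try:
        age = int(now if now is not None else time.time()) - int(fields["auth_date"])
    except (KeyError, ValueError):
        return None
    if age > MAX_AGE_SECONDS or age < -CLOCK_SKEW_SECONDS:
        return None
    # Only now is "id" trustworthy as the key for the identity lookup.
    return fields.get("id")


# Constructed sample: placeholder bot token and a payload signed with it.
BOT_TOKEN = "000000:CONSTRUCTED-PLACEHOLDER-TOKEN"
SAMPLE = {"id": 42, "first_name": "Ada", "username": "ada_example",
          "auth_date": 1700000000}
SAMPLE["hash"] = compute_hash(SAMPLE, BOT_TOKEN)

if __name__ == "__main__":
    print(verify_telegram_login(SAMPLE, BOT_TOKEN, now=1700000100))               # accepted
    print(verify_telegram_login(SAMPLE, BOT_TOKEN, now=1700000000 + 86401))       # stale
    print(verify_telegram_login({**SAMPLE, "id": 43}, BOT_TOKEN, now=1700000100)) # tampered
```

The signature is checked before auth_date is parsed, so no unauthenticated field influences the decision, and the returned ID is the value to key the Ory identity on.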
