README.md

# Telegram UserAuth UI

Reusable Angular-hosted UI for Telegram login.

The app now boots directly into the live `userauth` flow instead of a demo dialog. On load it:

- checks `GET /userauth/session`
- creates a QR session with `POST /userauth/qr/create`
- polls `GET /userauth/qr/poll?token=...` every 5 seconds
- falls back to session re-check polling if QR creation or polling fails

## Run

```bash
npm start
```

The dev server runs on port `4300`.

## Build

```bash
npm run build
```

## Backend contract

This UI is intended to work against a reusable Telegram auth backend with these endpoints:

- `GET /userauth/session`
- `POST /userauth/qr/create`
- `GET /userauth/qr/poll?token=...`
- `POST /userauth/qr/confirm`
- `GET /userauth/telegram/callback`
- `POST /userauth/logout`
- `POST /usersession/{sessionId}`

Expected authenticated session payload:

```json
{
	"sessionId": "550e8400-e29b-41d4-a716-446655440000",
	"telegramUserId": 123456789,
	"username": "ivan_petrov",
	"displayName": "Ivan Petrov",
	"active": true,
	"expiresAt": "2026-05-21T14:30:00Z"
}
```

Runtime expectations preserved by the UI:

- QR polling every 5 seconds
- QR expiry after 100 checks on the frontend
- direct Telegram open button using the same deep link returned by QR creation
- fallback session re-check if QR creation fails

Cookie requirements expected by consumers:

- name: `userauth_session`
- path: `/`
- `HttpOnly: true`
- `Secure: true`
- `SameSite: None`
- `MaxAge: 86400`

Credentialed CORS is required on the backend.
good commit 2026-05-21 15:05:53 +04:00			`# Telegram UserAuth UI`
very first commit 2026-01-26 16:21:23 +04:00
changes 2026-05-21 15:18:28 +04:00			`Reusable Angular-hosted UI for Telegram login.`
very first commit 2026-01-26 16:21:23 +04:00
changes 2026-05-21 15:18:28 +04:00			The app now boots directly into the live `userauth` flow instead of a demo dialog. On load it:
very first commit 2026-01-26 16:21:23 +04:00
changes 2026-05-21 15:18:28 +04:00			- checks `GET /userauth/session`
			- creates a QR session with `POST /userauth/qr/create`
			- polls `GET /userauth/qr/poll?token=...` every 5 seconds
			`- falls back to session re-check polling if QR creation or polling fails`
very first commit 2026-01-26 16:21:23 +04:00
good commit 2026-05-21 15:05:53 +04:00			`## Run`
very first commit 2026-01-26 16:21:23 +04:00
			```bash
good commit 2026-05-21 15:05:53 +04:00			`npm start`
very first commit 2026-01-26 16:21:23 +04:00			```

good commit 2026-05-21 15:05:53 +04:00			The dev server runs on port `4300`.
very first commit 2026-01-26 16:21:23 +04:00
good commit 2026-05-21 15:05:53 +04:00			`## Build`
very first commit 2026-01-26 16:21:23 +04:00
			```bash
good commit 2026-05-21 15:05:53 +04:00			`npm run build`
very first commit 2026-01-26 16:21:23 +04:00			```

good commit 2026-05-21 15:05:53 +04:00			`## Backend contract`

			`This UI is intended to work against a reusable Telegram auth backend with these endpoints:`

			- `GET /userauth/session`
			- `POST /userauth/qr/create`
			- `GET /userauth/qr/poll?token=...`
			- `POST /userauth/qr/confirm`
			- `GET /userauth/telegram/callback`
			- `POST /userauth/logout`
			- `POST /usersession/{sessionId}`

			`Expected authenticated session payload:`

			```json
			`{`
			`"sessionId": "550e8400-e29b-41d4-a716-446655440000",`
			`"telegramUserId": 123456789,`
			`"username": "ivan_petrov",`
			`"displayName": "Ivan Petrov",`
			`"active": true,`
			`"expiresAt": "2026-05-21T14:30:00Z"`
			`}`
very first commit 2026-01-26 16:21:23 +04:00			```

good commit 2026-05-21 15:05:53 +04:00			`Runtime expectations preserved by the UI:`
very first commit 2026-01-26 16:21:23 +04:00
changes 2026-05-21 15:18:28 +04:00			`- QR polling every 5 seconds`
good commit 2026-05-21 15:05:53 +04:00			`- QR expiry after 100 checks on the frontend`
changes 2026-05-21 15:18:28 +04:00			`- direct Telegram open button using the same deep link returned by QR creation`
good commit 2026-05-21 15:05:53 +04:00			`- fallback session re-check if QR creation fails`
very first commit 2026-01-26 16:21:23 +04:00
good commit 2026-05-21 15:05:53 +04:00			`Cookie requirements expected by consumers:`
very first commit 2026-01-26 16:21:23 +04:00
good commit 2026-05-21 15:05:53 +04:00			- name: `userauth_session`
			- path: `/`
			- `HttpOnly: true`
			- `Secure: true`
			- `SameSite: None`
			- `MaxAge: 86400`
very first commit 2026-01-26 16:21:23 +04:00
good commit 2026-05-21 15:05:53 +04:00			`Credentialed CORS is required on the backend.`