# Telegram UserAuth UI

Reusable Angular-hosted UI for Telegram login.

The app now boots directly into the live `userauth` flow instead of a demo dialog. On load it:

- checks `GET /userauth/session`
- creates a QR session with `POST /userauth/qr/create`
- polls `GET /userauth/qr/poll?token=...` every 5 seconds
- falls back to session re-check polling if QR creation or polling fails

## Run

```bash
npm start
```

The dev server runs on port `4300`.

## Build

```bash
npm run build
```

## Backend contract

This UI is intended to work against a reusable Telegram auth backend with these endpoints:

- `GET /userauth/session`
- `POST /userauth/qr/create`
- `GET /userauth/qr/poll?token=...`
- `POST /userauth/qr/confirm`
- `GET /userauth/telegram/callback`
- `POST /userauth/logout`
- `POST /usersession/{sessionId}`

Expected authenticated session payload:

```json
{
	"sessionId": "550e8400-e29b-41d4-a716-446655440000",
	"telegramUserId": 123456789,
	"username": "ivan_petrov",
	"displayName": "Ivan Petrov",
	"active": true,
	"expiresAt": "2026-05-21T14:30:00Z"
}
```

Runtime expectations preserved by the UI:

- QR polling every 5 seconds
- QR expiry after 100 checks on the frontend
- direct Telegram open button using the same deep link returned by QR creation
- fallback session re-check if QR creation fails

Cookie requirements expected by consumers:

- name: `userauth_session`
- path: `/`
- `HttpOnly: true`
- `Secure: true`
- `SameSite: None`
- `MaxAge: 86400`

Credentialed CORS is required on the backend.