[Feature]: Improve security by allowing to pass token's hmac hash instead of token

Question

[Feature]: Improve security by allowing to pass token's hmac hash instead of token

Closed this issue 2 months ago · 2 comments

snimshchikov commented 3 months ago

Is your feature request related to a problem? Please describe.

I want to minimize the number of places where I need to provide bot token.

Describe the solution you'd like

an option skip_token_hashing added to ValidateOptions (or something like this)

Describe alternatives you've considered

No response

Additional context

Bot's token is always encoded with hmac sha256 function with the same key. It is possible to check data authenticity just by providing this hash instead of bot's token.

Answer 1 · 2024-07-06T11:24:42.000Z

Your feature is Implemented in @tma.js/init-data-node@1.4.0

Answer 2 · 2024-07-06T12:57:10.000Z

You are the best, thank you!