Class: SpreeCmCommissioner::TelegramOauthTokenExchanger

Inherits:
BaseInteractor
  • Object
show all
Defined in:
app/interactors/spree_cm_commissioner/telegram_oauth_token_exchanger.rb

Overview

Exchanges a Telegram OAuth authorization code for an id_token at Telegram's token endpoint. This is the server-side half of the mobile/web PKCE login: the client cannot call Telegram's /token directly (native apps have no registered HTTPS origin, and browsers are blocked by CORS), so it relays the exchange through us.

Telegram validates the redirect_uri parameter against a BotFather- registered domain, not the caller's host, so this can safely run from the API server. This Telegram Login Widget client is confidential (it has a client_secret), so PKCE alone isn't enough — Telegram's /token endpoint still requires client_secret, which is why it must be injected here server-side rather than sent by the app.

Docs: https://core.telegram.org/bots/telegram-login

Constant Summary collapse

TOKEN_ENDPOINT =
'https://oauth.telegram.org/token'.freeze
REQUIRED_PARAMS =
%i[client_id code redirect_uri code_verifier].freeze

Instance Method Summary collapse

Instance Method Details

#callObject



23
24
25
26
27
28
29
30
31
32
# File 'app/interactors/spree_cm_commissioner/telegram_oauth_token_exchanger.rb', line 23

def call
  missing = REQUIRED_PARAMS.find { |key| context[key].blank? }
  return context.fail!(message: "#{missing}_missing") if missing
  return context.fail!(message: 'telegram_oauth_client_secret_not_configured') if client_secret.blank?

  response = post_to_telegram

  context.status = response.code.to_i
  context.body = response.body
end