Skip to content

Support validating init data using only bot id.#1715

Merged
JrooTJunior merged 4 commits intoaiogram:dev-3.xfrom
sheldygg:dev-3.x
Aug 17, 2025
Merged

Support validating init data using only bot id.#1715
JrooTJunior merged 4 commits intoaiogram:dev-3.xfrom
sheldygg:dev-3.x

Conversation

@sheldygg
Copy link
Contributor

@sheldygg sheldygg commented Jul 25, 2025
edited
Loading

Description

https://core.telegram.org/bots/webapps#validating-data-for-third-party-use

Type of change

Feature

Please delete options that are not relevant.

  • Documentation (typos, code examples or any documentation update)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@github-actions github-actions bot added the 3.x Issue or PR for stable 3.x version label Jul 25, 2025
@github-actions
Copy link

github-actions bot commented Jul 25, 2025
edited
Loading

✔️ Changelog found.

Thank you for adding a description of the changes

@JrooTJunior JrooTJunior requested a review from Copilot August 17, 2025 16:10
Copilot AI reviewed Aug 17, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements a new feature to validate Telegram WebApp init data using only the bot ID instead of requiring the bot token, following Telegram's documentation for third-party use validation.

  • Adds signature-based validation functionality using Ed25519 cryptography
  • Introduces new optional dependency group for cryptography package
  • Provides both basic signature checking and safe data parsing functions

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
aiogram/utils/web_app_signature.py Core implementation of signature validation functions using Ed25519 cryptography
tests/test_utils/test_web_app_signature.py Comprehensive test suite covering valid/invalid signatures and data parsing
pyproject.toml Adds new "signature" optional dependency group with cryptography requirement
.github/workflows/tests.yml Updates CI to install signature dependencies and normalizes YAML formatting
CHANGES/1715.feature.rst Changelog entry documenting the new feature

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@JrooTJunior JrooTJunior merged commit 6aa6e00 into aiogram:dev-3.x Aug 17, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JrooTJunior JrooTJunior JrooTJunior approved these changes

Assignees

No one assigned

Labels

3.x Issue or PR for stable 3.x version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sheldygg @JrooTJunior