Add Telegram browser login for user credential extraction#54
Add Telegram browser login for user credential extraction#54joshalbrecht wants to merge 5 commits intomainfrom
Conversation
Extends the Telegram service to support `latchkey auth browser telegram`. Instead of extracting final credentials, this exploration session dumps all localStorage, sessionStorage, cookies, and captured network requests to /tmp/latchkey-telegram-dump.json for inspection. This lets us see what auth tokens web.telegram.org makes available after login. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tect The previous approach tried to auto-detect login completion from network responses, but the Telegram Web A SPA loads its full bundle (>50KB) before login, causing false-positive detection. Also, BrowserFollowupServiceSession opens a spinner in a second tab. Now overrides login() directly with a simpler flow: - Opens browser to web.telegram.org/a/ - Prompts user to press Enter after logging in - Dumps localStorage, sessionStorage, IndexedDB structure, cookies, and all captured network requests to /tmp/latchkey-telegram-dump.json - Prints a summary of what was found Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two scripts that confirm the full auth extraction chain works: - test_telegram_session.py: Reads auth_key from browser dump, converts to Telethon StringSession, connects and verifies identity via get_me() - test_botfather.py: Sends /mybots to BotFather and reads the response, confirming we can programmatically interact with BotFather Both tested successfully: authenticated as the user and received BotFather responses. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds TelegramUserCredentials type that stores MTProto auth_key data extracted from web.telegram.org localStorage after browser-based login. This enables programmatic Telegram user API access via libraries like Telethon without requiring a separate phone/OTP flow. Changes: - Add TelegramUserCredentials (dcId, authKeyHex, userId, firstName) - Add TelegramBrowserSession that opens web.telegram.org, waits for user login, then extracts auth_key from localStorage - Register TelegramUserCredentials in serialization system - Telegram service now supports both `auth browser` (user credentials) and `auth set-nocurl` (bot token) - Update registry test: use AWS instead of Telegram as example of service without getSession (Telegram now has it) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Vet found 1 issue.
🔴 Vet Issue test_coverage severity: 3/5, confidence: 0.90
The diff introduces significant new functionality (TelegramUserCredentials class, TelegramBrowserSession, serialization/deserialization of TelegramUserCredentials) but no unit tests are added for the new credential type's serialization, deserialization, toJSON/fromJSON, or injectIntoCurlCall behavior. The existing test files (e.g., tests/apiCredentials.test.ts) should be updated with tests for TelegramUserCredentials.
Adds `latchkey auth get <service_name>` which outputs the stored credentials as JSON. This enables programmatic access to stored credentials (e.g., for the Telegram bot creation script to read the extracted auth_key). Also fixes prettier formatting on telegram.ts that was causing CI format check failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Vet found 1 issue.
🔴 Vet Issue test_coverage severity: 3/5, confidence: 0.90
The diff introduces significant new functionality: TelegramUserCredentials class, TelegramBrowserSession class, the 'auth get' CLI command, and serialization/deserialization support for TelegramUserCredentials. However, no new unit tests are added for any of these. The only test change is modifying an existing test to use AWS instead of Telegram. Tests should be added for TelegramUserCredentials serialization/deserialization, the 'auth get' command, and the checkApiCredentials override.
There was a problem hiding this comment.
Vet found 1 issue.
🔴 Vet Issue test_coverage severity: 3/5, confidence: 0.85
The diff introduces significant new functionality: TelegramUserCredentials class, TelegramBrowserSession, serialization/deserialization of user credentials, the auth get CLI command, and checkApiCredentials override. No unit tests are added for any of these. At minimum, tests for TelegramUserCredentials serialization/deserialization roundtrip and the checkApiCredentials override returning Unknown should be added.
|
Thanks, Josh :) I appreciate this! Still, I think most of this functionality is probably out of scope for Latchkey:
|
2 participants
Summary
TelegramUserCredentialstype that stores MTProtoauth_keydata extracted fromweb.telegram.orglocalStorage after browser-based loginlatchkey auth browser telegramnow opens a browser, waits for the user to log in, then extracts the auth_key and persists it in the encrypted credential store asTelegramUserCredentialslatchkey auth get <service_name>command that outputs stored credentials as JSON, enabling programmatic access from external scriptslatchkey auth set-nocurl telegram <bot-token>flow for bot tokens is unchangedChanges
TelegramUserCredentialsclass storingdcId,authKeyHex,userId,firstNameTelegramBrowserSessionthat overrideslogin()with a manual "press Enter after login" flow (Telegram Web A's SPA makes response-based auto-detection unreliable)TelegramUserCredentialsSchemaregistered inapiCredentialsSerialization.tsTelegram.checkApiCredentials()returnsUnknownfor user credentials (MTProto can't be checked via curl)auth getCLI command for programmatic credential retrievalgetSessionTest plan
npm run buildpassesnpm run lintpassesnpm run format:checkpassesnpm testpasses (265 tests pass; 2 timeout-only failures on lint/typecheck test wrappers that pass when run directly)latchkey auth browser telegram, logged in, verified credentials extracted and persistedlatchkey auth get telegramoutputs stored credentials as JSONGenerated with Claude Code