Telegram Authentication Flow

Telegram login logic includes:

1. Embed Telegram login widget in the app/web
2. Redirect to Telegram Auth
3. Client sends hash-signature
4. Server verifies signature
5. User is searched/created
6. JWT is returned to client

📋 Acceptance Criteria

✅ What to consider:

• Telegram login must verify the signature using Telegram's authentication rules.
• Only users with valid signatures should be authenticated.
• After successful authentication, a JWT token must be generated and returned to the client.

✅ Acceptance Criteria (AC):

• GIVEN a user initiates Telegram login

• WHEN the signature received from Telegram is valid

• THEN the user is authenticated and a JWT token is generated and sent to the client

• GIVEN the signature is invalid or missing

• WHEN the backend processes the login attempt

• THEN authentication fails and no token is issued

• GIVEN a valid JWT token is issued

• WHEN the user makes authenticated requests

• THEN the backend verifies the token and grants access accordingly

✅ Please check the Definition of Done before moving this issue to Close.