Sign in with Telegram
Authentication uses Telegram OpenID Connect Authorization Code flow with PKCE.
Security notes
Session and API access controls for product UI.
- Session is stored in HttpOnly cookie.
- Backend APIs require valid JWT claims.
- Telegram callback validates ID token signature via JWKS.
Need API docs for backend? Open /api/openapi.json.