[Feature]: Improve security by allowing to pass token's hmac hash instead of token
snimshchikov opened this issue · comments
snimshchikov commented
Is your feature request related to a problem? Please describe.
I want to minimize the number of places where I need to provide bot token.
Describe the solution you'd like
an option skip_token_hashing added to ValidateOptions (or something like this)
Describe alternatives you've considered
No response
Additional context
Bot's token is always encoded with hmac sha256 function with the same key. It is possible to check data authenticity just by providing this hash instead of bot's token.
Vladislav Kibenko commented
Your feature is Implemented in @tma.js/init-data-node@1.4.0
snimshchikov commented
You are the best, thank you!