Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Expired initData on iOS and macOS #646

Open
Aleksandr-Karikov opened this issue Feb 1, 2025 · 0 comments
Open

[Bug]: Expired initData on iOS and macOS #646

Aleksandr-Karikov opened this issue Feb 1, 2025 · 0 comments
Assignees
@heyqbnk
Labels
bug Something isn't working

Comments

@Aleksandr-Karikov
Copy link

Telegram Application

Telegram for iOS, Telegram for macOS

Describe the Bug

We used the Auth Guide from the documentation in our application, meaning that initData is used for authentication. However, we started experiencing issues with Apple clients—they were unable to use the application and received a 401 error due to expired initData.

After debugging, I discovered that the issue is caused by retrieveRawLaunchParams(), specifically when it tries to get launchParams from performance.getEntriesByType('navigation')[0].

Issue explanation:

  1. The application starts with launchParams retrieved from the URL: fromURL(window.location.href)
  2. After restarting the application, we get new launchParams from the URL again: fromURL(window.location.href) However, old launchParams are still stored in the performance API.
  3. The library refreshes the page after initialization to hide launchParams from the URL.
  4. retrieveRawLaunchParams() then tries to get launchParams using the second method: performance.getEntriesByType('navigation')[0] But this contains outdated data.
  5. After one hour, the old initData expires, causing authentication failures.
  • Restarting the app does not help, because performance API continues to return outdated data indefinitely.

Possible fixes

  • Affected users can fix this by re-logging into Telegram.
  • Alternatively, I implemented a workaround by overriding performance.getEntriesByType() to prevent it from returning outdated data:
const originalGetEntriesByType = performance.getEntriesByType;
performance.getEntriesByType = function (type: string) {
  if (type === 'navigation') {
    console.warn(
      "⚠️ Ignoring performance.getEntriesByType('navigation') to avoid old data"
    );
    return [];
  }
  return originalGetEntriesByType.call(performance, type);
};

Would it be possible to fix this issue in the library itself?
I assume that the problem arises due to the way the performance api works on iOS devices

To Reproduce

Steps to reproduce the behavior:

  1. Start application
  2. Close application
  3. Start application
  4. See old launch params from first start up

Expected Behavior

  • After restarting the application, the authentication process should receive fresh initData instead of outdated values.
  • The retrieveRawLaunchParams() function should not rely on performance.getEntriesByType('navigation') when window.location.href does not contain initData.
@Aleksandr-Karikov Aleksandr-Karikov added the bug Something isn't working label Feb 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@heyqbnk heyqbnk

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@heyqbnk @Aleksandr-Karikov