diff --git a/data/corefork.telegram.org/api/auth.html b/data/corefork.telegram.org/api/auth.html index 259017f18f..cd474f6894 100644 --- a/data/corefork.telegram.org/api/auth.html +++ b/data/corefork.telegram.org/api/auth.html @@ -47,10 +47,18 @@
Example implementations: telegram for android, tdlib.
To show a nicely formatted and validated phone number field, the help.countriesList constructor can be obtained using the help.getCountriesList method.
The help.countriesList config is then used as described here ยป.
Authorization requires that a text message containing an authorization code first be sent to the user's phone.
-This may be done using the auth.sendCode method.
-The system will automatically choose how to send the authorization code; there are four possible ways the code can arrive:
Then, a text message containing an authorization code is sent to the user's phone using auth.sendCode.
+However, this is not always the case, if logout tokens are used:
When invoking auth.logOut on a previously authorized session with 2FA enabled, the server may return a future_auth_token
, which should be stored in the local database.
+At all times, the logout token database should contain at most 20
tokens: evict older tokens as new tokens are added.
+When invoking auth.sendCode, all logout tokens present in the database should be provided to codeSettings.logout_tokens
.
+If any of the logout tokens matches the account we're trying to login into and the token hasn't expired, auth.sendCode will directly return a SESSION_PASSWORD_NEEDED
RPC error, directly asking the user to enter the 2FA password, without sending any authorization code.
Otherwise, the system will send an authorization code using the following logic:
+The system will automatically choose how to send the authorization code; there are multiple possible ways the code can arrive:
The auth.sendCode method also has parameters for enabling/disabling use of flash calls, and allows passing an SMS token that will be included in the sent SMS. +
The auth.sendCode method also has parameters for enabling/disabling use of flash calls and missed calls, and allows passing an SMS token that will be included in the sent SMS. For example, the latter is required in newer versions of android, to use the android SMS receiver APIs.
The returned auth.SentCode object will contain multiple parameters: