User authentication is a crucial matter. Today, almost every activity can be executed online, so verifying the user's authenticity to access certain websites or platforms is important in terms of privacy, security and more. Plus, user authentication is a process we go through every day, multiple times a day. Yet, these processes are not always the most sophisticated ones!
In previous blog posts, we have shown you the main trends in onboardings and signups: top security, best-in-class UX, frictionless, etc. But today, we bring you one of the latest trends in user authentication — onboarding flows via messaging apps!
User authentication via Telegram or WhatsApp
Authenticating users via a messaging app –like Telegram or WhatsApp– is possible if your authentication methods include magic links or one-time passwords. Let's explore each of them to see how they work and what their advantages are.
Magic links via Telegram or WhatsApp
Magic links are authenticated URLs that are sent to the user's phone number or email account. While the most common option is to send these URLs to an email account, it is also possible to send it to the user's phone via a messaging platform.
Once the user receives the link, regardless of the medium chosen, they will be automatically verified and they can be automatically authenticated as well. One of the main advantages of magic links is their frictionless style. Just by clicking the link, users can be verified and access the platform they intend to reach.
Magic links can be used as the only authentication method, which makes them a highly frictionless signup method and a great alternative to passwords. Plus, it is considered one of the most secure signup methods, since it implies user verification, among other aspects.
One-time codes via Telegram or WhatsApp
One-time passwords or OTPs are unique codes that are sent to the users, normally to their phone number or email account. Just like it happens with magic links, these can be sent to the user with different means, including a messaging platform app.
One-time codes are formed by 4 to 6 digits, they are linked to one reference and they are limited in time. Users are authenticated when they enter the code they have received in their device in the correspondent time step.
This authentication method can be used in multi-factor authentication processes, to complement passwords, or to verify money transactions, for instance. Although this is a less common practice, OTPs can also be used as the only authentication method. In both cases, this is a secure signup system, since it relies on different criteria to grant access: the code itself, the reference, and the time step.
Advantages of authenticating users via messaging apps
Whatever option you use, you can take advantages of the following benefits:
✅ User verification. Onboarding users via Telegram allows you to add an extra verification factor, since they need to click the link or enter the OTP code.
✅ Frictionless. Especially practical when used as the only authentication factor, using magic links or OTPs in Telegram is a great way to shorten your onboarding forms and get better conversion rates.
✅ Sophisticated signup method. Telegram allows you to build best-in-class onboarding flows. You can use it either in passwordless forms or multi-factor authentication forms.
✅ Handy. One of the great and unique advantages of using Telegram as a signup channel is that users can reach it via phone or computer. Either if your users sign up via desktop or mobile, they can easily reach their Telegram app and sign up instantly.
A real example: Onboarding users via Telegram
We'll illustrate this method with a real example: the onboarding flow via Telegram of Women Make.
Women Make is a Telegram-based community made for women entrepreneurs to support each other. While Women Make offers content on their website, it also offers a Telegram chat where participants pose their questions, show support, and share resources. Taking this into account, it doesn't come as surprise that their onboarding flow relies on Telegram!
After clicking on Sign up with Telegram, users are displayed with the instructions they have to follow. It is as simple as taking these 4 steps to join this community.
This is how a Telegram bot looks like. You can trigger different actions by using the command /action. As you can see, you can both signup or login by using the proper command. The user just has to click the magic link you see in the image below to be automatically authenticated.
💡 Keep in mind this is an example to onboard users to a Telegram community, but you can use this method for any kind of onboarding!
How to create an authentication flow with Telegram
Creating a Telegram bot to authenticate your users is easier than you may think! All you need to do is configure your own Telegram bot and then you can create your onboarding flow with Arengu with almost no coding skills. For this use case we will need:
- An endpoint that generates a magic link with the Telegram user ID. For this, you can just sign a JWT with the Telegram user ID information.
- Creating a Telegram bot.
- A callback endpoint that receives the magic link and authorizes the user in your application.
1. Set up a bot in Telegram
This is the very first step of this process, since you will need your own Telegram bot to execute actions, such as the signup or login actions.
Search for @BotFather in Telegram and start chatting with it to see all the possible actions.
Click on BotFather and select Start to start chatting with it.
If you want to create a brand new bot, click or send /newbot. If you want to edit an already existing bot, click or send /mybots.
After you do so, @BotFather will give you instructions to proceed: name the bot, choose a username and send your secret token to start using it.
Remember you can also send /token in case you need it again. Remember to keep it secret! 🤐 Otherwise people will be able to control your bot without your consent.
2. Building the logic with the flow editor
Arengu allows you to create any form and flows you can think of, including onboarding flows. Plus, you can easily integrate third-party tools to optimize your form and use Arengu as a boilerplate.
This is an example on how to configure the Telegram native action in Arengu. All you need to do is pasting the secret token we got from BotFather and use as Chat ID the variable we dynamically receive from the Telegram bot once a user chats with it. We have included a welcome message with two actions that this bot can execute. You can personalize this message to guide the user through all the possibilities.
Of course, you can also use the Telegram action in more complex flows. For instance, you can create a flow that sends a magic link to the user, either via email, SMS or Telegram, both in a multi-factor authentication flow or in a passwordless form.
Once the main logic is built, you can link it to a form or also consume it via API setting a Telegram webhook where you will receive information (eg. the user's ID) every time a user chats with the bot.
Keep in mind you can integrate Arengu with any API-based tool you want! Are you willing to try this to authenticate users? Try Arengu for free to explore this option, any many others! And let us know what you think!