PHPackages kilogram/auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. kilogram/auth ActiveLibrary[Authentication & Authorization](/categories/authentication) kilogram/auth ============= Secure and simple validation library for Telegram Login Widget and Web App data (including Third-Party validation support). 1.0.1(4mo ago)01MITPHPPHP ^8.2CI passing Since Dec 25Pushed 4mo agoCompare [ Source](https://github.com/chipslays/telegram-auth)[ Packagist](https://packagist.org/packages/kilogram/auth)[ RSS](/packages/kilogram-auth/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (1)Versions (3)Used By (0) Telegram Auth ============= [](#telegram-auth) Secure and simple validation library for Telegram [**Login Widget**](https://core.telegram.org/widgets/login) and [**Web App**](https://core.telegram.org/bots/webapps) (including [**Third-Party**](https://core.telegram.org/bots/webapps#validating-data-for-third-party-use) validation support). Features -------- [](#features) - Validate Telegram Login Widget payload. - Validate Telegram Web App. - Validate Telegram Web App data for Third-Party Use. Requirements ------------ [](#requirements) - [PHP](https://www.php.net/): `^8.2` - [ext-hash](https://www.php.net/manual/en/book.hash.php): `*` - [ext-sodium](https://www.php.net/manual/en/book.sodium.php): `*` Installation ------------ [](#installation) ``` composer require kilogram/auth ``` Quick start ----------- [](#quick-start) Usage examples are also available in the [examples](/examples) directory. ### Login Widget (simple) [](#login-widget-simple) ``` use Kilogram\Auth\Validator; $validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']); if ($validator->isValidLoginWidget($data)) { echo "Authenticated. User ID: " . $data['id']; } else { echo "Authentication failed"; } ``` ### Login Widget (with exceptions) [](#login-widget-with-exceptions) ``` use Kilogram\Auth\Validator; use Kilogram\Auth\Exceptions\InvalidDataException; use Kilogram\Auth\Exceptions\ValidationException; $validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']); try { $validator->validateLoginWidget($data); echo "Authenticated. Hello " . ($data['first_name'] ?? 'user'); } catch (InvalidDataException $e) { // Developer error: invalid input format (e.g. missing "hash") echo "Bad request: " . $e->getMessage(); } catch (ValidationException $e) { // Invalid signature: possible tampering echo "Authentication failed"; } ``` ### Web App (simple) [](#web-app-simple) ``` use Kilogram\Auth\Validator; $validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']); if ($validator->isValidWebApp($initData)) { echo "Web App authenticated"; } else { echo "Invalid initData"; } ``` ### Web App (with exceptions) [](#web-app-with-exceptions) ``` use Kilogram\Auth\Validator; use Kilogram\Auth\Exceptions\InvalidDataException; use Kilogram\Auth\Exceptions\ValidationException; $validator = new Validator($_ENV['TELEGRAM_BOT_TOKEN']); try { $validator->validateWebApp($initData); echo "Web App authenticated"; } catch (InvalidDataException $e) { // Developer error: initData format is broken / empty echo "Bad request: " . $e->getMessage(); } catch (ValidationException $e) { // Invalid signature echo "Authentication failed"; } ``` ### Web App Third-Party (simple) [](#web-app-third-party-simple) ``` use Kilogram\Auth\Validator; if (Validator::isValidWebAppDataForThirdParty($initData, $botId)) { echo "Web App authenticated (Third-Party)!"; } else { echo "Invalid data"; } ``` ### Web App Third-Party (with exceptions) [](#web-app-third-party-with-exceptions) ``` use Kilogram\Auth\Validator; use Kilogram\Auth\Exceptions\ValidationException; try { Validator::validateWebAppDataForThirdParty($initData, $botId); echo "Web App authorized!"; } catch (ValidationException $e) { echo "Authentication failed"; } ``` License ------- [](#license) MIT ### Health Score 34 — LowBetter than 77% of packages Maintenance75 Regular maintenance activity Popularity1 Limited adoption so far Community6 Small or concentrated contributor base Maturity48 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 145d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/19103498?v=4)[chipslays](/maintainers/chipslays)[@chipslays](https://github.com/chipslays) --- Top Contributors [![chipslays](https://avatars.githubusercontent.com/u/19103498?v=4)](https://github.com/chipslays "chipslays (6 commits)") --- Tags validationsecurityauthAuthenticationbottelegramwebapplogin-widget ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/kilogram-auth/health.svg) ``` [![Health](https://phpackages.com/badges/kilogram-auth/health.svg)](https://phpackages.com/packages/kilogram-auth) ``` ### Alternatives [tg/tgwebvalid An easy way to validate Telegram Login Widget and Telegram Mini App users on your website using PHP 6821.7k1](/packages/tg-tgwebvalid)[delight-im/auth Authentication for PHP. Simple, lightweight and secure. 1.3k135.7k20](/packages/delight-im-auth)[remotemerge/totp-php Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration. 2010.2k](/packages/remotemerge-totp-php) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)