Is inputMessageContact user_id verified server side?

[forgotPassword]

Backstory: I wish to implement a login flow that requires access to user's phone number. Using telegram bot it is possible to request it with KeyboardButton->request_contact, which seems to result in inputMessageContact message. It is then possible to check if sender's user_id matches contacts user_id.

Question: The docs for contact object vaguely say: user_id_ Identifier of the user, if known; otherwise 0.. What is the purpose of if known? Is it validated by tdlib client side? server side? Will a custom api-lib be able to fake it?

When I tried to set incorrect user_id <--> phone, the server seems to ignore the user_id field, hence why bother passing it? Is this behavior guaranteed?

** Telegram passport is not a solution, besides forcing the user to setup two-step password, for some reason it never actually sent me the sms to verify my phone, seems like abandonware.

Thank you!

[levlam]

The server always ignores user_id field passed in inputMessageContact.contact, adding it whenever appropriate to the messageContact.contact. If the message is sent, you can trust the value of messageContact.contact.user_id.

[forgotPassword]

To anyone else who wishes to implement a similar flow, be aware that the value of phone_number is somehow normalized before the server decides to match the user_id, but the returned value of phone_number is not.

eg if your phone is +1xxxxxxx, the following will also be accepted and returned as valid: 00000++000001x+++xxxx+++xx

@levlam, is this intended? any chance for a fix?

[levlam]

It works as described. There is no way to fix old messages, so bots anyway can receive forwards of old messages with non-normalized phone numbers.

[franklinaampadu]

Ok with me