Telegram
Use the bot or Mini App for the normal identity flow. Server-side hash validation remains required before a web session is issued.
First time linking: sign in with email, then press the Telegram button on this page.
Open Telegram bridgeWe are one access
Sign in without making Telegram a single point of failure.
Telegram remains the primary identity layer. Email magic links and admin recovery paths provide controlled fallback access when Telegram is unavailable.
Email magic link
Recovery policy
Administrators should keep e-mail recovery plus future TOTP/WebAuthn or recovery codes enabled. Telegram alone is not accepted as a durable admin access policy.
Passwordless by default
Magic links are single-use, short-lived, server-hashed, and stored separately from sessions. Public routes do not reveal whether an email address exists.
Email backup is now SMTP-backed.
If mail delivery is configured, existing users can request a one-time login link. The first administrator can be bootstrapped safely from the shell without opening a public break-glass route.