Biometric Verification

The verification system uses Mercle OAuth to authenticate users through biometric face verification. This prevents bots and fake accounts from joining your group.

When enabled, new members receive a verification prompt and must complete the OAuth flow within the configured timeout.

1. 1.User joins group or triggers /verify command
2. 2.Bot generates OAuth URL with encrypted state (user ID, group ID, pending ID)
3. 3.User clicks verification button and completes Mercle OAuth
4. 4.Mercle performs liveness detection and face matching
5. 5.On success, user is granted full group permissions
6. 6.On timeout, configured action is taken (mute or kick)

• checkLiveness detection: Ensures user is present during verification
• checkFace matching: Compares face to stored identity
• checkOne-time verification: Users only need to verify once
• checkEncrypted state: OAuth state contains encoded user/group context
• checkPrivacy-first: Biometric data handled by Mercle, not stored by bot

• • OAuth Provider: Mercle SDK
• • State Encoding: Base64 JSON with user_id, group_id, pending_id, chat_id, message_id
• • Flow Types: "bot" (standard) or "mini_app" (from Mini App)
• • Pending Service: Tracks verification status in database
• • Permissions: Uses Telegram chat permissions API to restrict/unrestrict users