# How scan-code (QR code) login works

In one sentence: QR code login is essentially the process in which the party requesting login asks the party that is already logged in to write login credentials to a specific medium. Here, the requesting party is the Web side, and the logged-in party is the APP side. The login credential can be the user information itself, or a credential that can be exchanged for user information, and the specific medium is the QR code. The scan-to-login process is as follows:

  1. Open the login page, which displays a QR code and starts polling the status of the QR code (web)
  2. After the user opens the APP and scans the QR code, the APP displays Confirm and Cancel buttons (app)
  3. The login page displays the profile picture and other information of the user who scanned the code (web)
  4. The user taps Confirm login in the APP (app)
  5. By polling the QR code status, the login page learns that the user has confirmed the login, and obtains the login credentials (web)
  6. The page login succeeds and the main application page opens (web)

Throughout the process, a specific QR code acts as the bridge between the party requesting login and the logged-in party. A QR code converts a piece of text into an image, using an agreed encoding, so that it can later be decoded and recognized; in essence it is just a piece of text. We can therefore write the QR code ID, creation time, expiration time and other information into the QR code, and the APP can identify the QR code by decoding this information (decoding is a basic function of the terminal). On the Web side, there is generally an interface for requesting QR code generation, which returns the QR code ID and the QR code link. The ID is used to query the latest status of the QR code, and the link is used to display it. In this way, the Web and the APP share one agreed value: the QR code ID. The APP side can modify the status of the QR code through authorization, and the Web side can watch for status changes by polling and then obtain the login credentials to complete the login. In detail, the QR code has the following statuses:

  • Not scanned
  • Scanned, waiting for user confirmation
  • Scanned, the user agrees to authorize
  • Scanned, user canceled authorization
  • Expired

The APP can modify the status of the QR code. A total of three interfaces are used:

  • Confirm scanned
  • Agree to authorize
  • Cancel authorization

Once the Web side sees, through polling, that the QR code status has changed to "Agree to authorize", the login is complete. When the APP calls these interfaces, it must send its own login credentials (naturally), so that the back-end can determine which user is authorizing and bind the QR code ID to the user ID.
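The QR code status flow described above, as an added Python example (not code from the original article). The function names, the in-memory stores, the 120-second lifetime and the sample app token are assumptions made for illustration; the back-end rejects out-of-order transitions, binds the QR code ID to the scanning user, and hands the login credential to the polling page only once.

```python
import secrets
import time

# The five statuses listed above.
NOT_SCANNED, SCANNED, CONFIRMED, CANCELED, EXPIRED = (
    "not_scanned", "scanned", "confirmed", "canceled", "expired")
TTL_SECONDS = 120                            # assumed QR code lifetime
APP_SESSIONS = {"app-token-alice": "alice"}  # constructed: app credential -> user ID
QR_CODES = {}                                # QR code ID -> record

def create_qr(now=None):
    """Web side: request a QR code; the returned ID is encoded and polled."""
    now = time.time() if now is None else now
    qr_id = secrets.token_urlsafe(16)        # unguessable ID
    QR_CODES[qr_id] = {"status": NOT_SCANNED, "user": None,
                       "expires": now + TTL_SECONDS, "credential": None}
    return qr_id

def _load(qr_id, now):
    """Fetch a record, marking it expired if it timed out before confirmation."""
    rec = QR_CODES[qr_id]
    if rec["status"] in (NOT_SCANNED, SCANNED) and now >= rec["expires"]:
        rec["status"] = EXPIRED
    return rec

def app_action(qr_id, app_token, action, now=None):
    """APP side: 'scan', 'confirm' or 'cancel'; each call carries the app credential."""
    now = time.time() if now is None else now
    user = APP_SESSIONS.get(app_token)
    if user is None:
        raise PermissionError("app is not logged in")
    rec = _load(qr_id, now)
    if action == "scan" and rec["status"] == NOT_SCANNED:
        rec.update(status=SCANNED, user=user)   # bind QR code ID to user ID
    elif (action in ("confirm", "cancel") and rec["status"] == SCANNED
          and rec["user"] == user):             # only the user who scanned may decide
        rec["status"] = CONFIRMED if action == "confirm" else CANCELED
        if action == "confirm":
            rec["credential"] = secrets.token_urlsafe(32)
    else:
        raise ValueError(f"{action!r} not allowed in status {rec['status']!r}")
    return rec["status"]

def web_poll(qr_id, now=None):
    """Web side: poll the status; the login credential is returned exactly once."""
    now = time.time() if now is None else now
    rec = _load(qr_id, now)
    credential, rec["credential"] = rec["credential"], None
    return {"status": rec["status"], "user": rec["user"], "credential": credential}
```
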

For more information, see: