QR Code Verification
š Overview
QR Code verification is a secure and user-friendly method to activate or authenticate a user without manually entering an OTP. The QR code typically contains an OTP and its associated verification key in JSON format.
š© QR Code Delivery
- A QR code is sent to the user's email address as part of activation or OTP verification.
- This QR code contains an encrypted payload with the OTP details.
š§¾ QR Code Format (Scanned Content)
Below is the format of code received in the userās registered email id:
The scanned QR code contains the following JSON:
{
"value": "dtm88k",
"key": "jg9ksj",
"expiry": "2021-03-10T12:26:04IST",
"userId": "prit1"
}š Field Descriptions
| Field | Description |
|---|---|
value | The OTP or activation code value |
key | Verification key tied to this code, must match SDK's verificationKey |
expiry | Expiration time of this QR code |
userId | The user ID this QR code belongs to |
š Workflow
- The SDK triggers a challenge like
getActivationCodeorgetEmailOTP. - Your app displays a QR scanner UI to the user.
- User scans the QR code from email.
- The app extracts the
valueandkeyfrom the QR code JSON. - It compares the
keywithverificationKeyreceived from the SDK. - If they match, the app calls the corresponding API:
setActivationCode(value)ā for activation flowssetEmailOTP(value)ā for email-based OTP verification
šÆ Matching Keys
- Match
verificationKeyfrom SDK payload withkeyfrom QR JSON. - Only submit the
valueif the keys match.
ā ļø Error Scenarios
| Error Code | Meaning |
|---|---|
4 | Invalid arguments (malformed input) |
17 | Service not supported |
52 | Failed to open HTTP connection |
108 | Invalid TOTP credential |
Ensure QR code hasnāt expired and hasnāt been modified.
š§ Best Practices
- Always check QR code
expirybefore using. - Provide fallback option to manually enter OTP.
- Validate that scanned
keymatches SDK-providedverificationKey.
Updated 9 months ago