All threads / How do i create a QR code lead authentication strategy
Ask A Question

Notifications

You’re not receiving notifications from this thread.

How do i create a QR code lead authentication strategy

Dearg OBartuin asked in Rails

Hi all,

please visit the popular challenger bank https://web.tide.co/login/ for an example.
Their auth strategy is to present the user with a QR code that changes every 30 seconds (I'm sure this is a representation of some form of hash representing a token). In order for the user to authenticate, they must open the mobile app, authenticate and then scan the QR code via the app. This fires a request back to the provider who then match the two tokens and then authenticated the online website and shows the dashboard.

I am curious how this strategy keeps the login page on the webpage constantly listening for a change in the backend to know for sure the QR code has been scanned from an authenticated device. Are Tide keeping a channel open at their log in page, creating a session cookie and storing it locally. Some scalable and reliable way to return back to the browser from the mobile app.

If you were re-creating this in rails, where would you start?

thanks

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 54,919+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2021 GoRails, LLC. All rights reserved.