You’re not receiving notifications from this thread.
How do i create a QR code lead authentication strategy
please visit the popular challenger bank https://web.tide.co/login/ for an example.
Their auth strategy is to present the user with a QR code that changes every 30 seconds (I'm sure this is a representation of some form of hash representing a token). In order for the user to authenticate, they must open the mobile app, authenticate and then scan the QR code via the app. This fires a request back to the provider who then match the two tokens and then authenticated the online website and shows the dashboard.
I am curious how this strategy keeps the login page on the webpage constantly listening for a change in the backend to know for sure the QR code has been scanned from an authenticated device. Are Tide keeping a channel open at their log in page, creating a session cookie and storing it locally. Some scalable and reliable way to return back to the browser from the mobile app.
If you were re-creating this in rails, where would you start?