QRlogin

What is QRlogin

Features

See online demo

How does it work?

Demo login

Each device can store a unique identifier. This identifier can be bound to a user account. This demonstration will reveal the unique identifier of your device for this site.

Your unique identifier will appear below

Previous attempt:

>> More demos - sign a message <<

Sign a message

QRlogin can be used to sign a message as well. This is useful when an application needs to authorize a command or an operation (for example, a money transfer). Type a message below and try to generate a digital signature.


                            

Because a long message cannot be sent through the QR code, the message's fingerprint is used instead.

Signature:

The unique identifier of the signer calculated from the signature:
(must be equal to your UID)

Add to your site

Using OAuth 2.0

Authorization endpoint:
auth (redirect)
Token endpoint:
token (POST)
Identity endpoint:
ident (GET, Authorization: Bearer)
Client identification:
The client_secret is ignored. The client_id must be equal to the redirect_uri's domain (including the port, if specified). The scope is ignored.
Interface language:
Include &lang=XX in the authorization endpoint URL. Currently supported languages are: en, cs

  1. Redirect the user-agent to the "auth" page:
        auth?redirect_uri=<url>&state=<state>

    • url - URL of the page to redirect the user-agent to after authentication.
    • state - CSRF token (a random string generated by your site)
    • After redirection, read the code and check the state
  2. Receive the identity - let your site validate the returned token
        POST token
        DATA code=<code>&client_id=<domain>

    • code - the string retrieved from the previous step
    • domain - the whole domain name (including the port, if specified); it must match the domain name of the redirect_uri
    • The response should look like:
        {
         "access_token":"xxxxx...xxxx",
         "expires_in":3600,
         "identity":"yyyy...yyyy",
         "token_type":"Bearer"
        }

      where identity is the unique identity string for the authenticated user.
    • NOTE: This request invalidates the "code". If you need to retrieve the identity later, use the access_token in the following step.
  3. (optional) Receive the identity with the access_token:
        GET ident
        Authorization: Bearer <access_token>

    • access_token - the token retrieved from the previous step
    • The response should look like:
        {
         "identity":"yyyy...yyyy"
        }

      where identity is the unique identity string for the authenticated user.
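
The relying-party side of steps 1 and 2, as an added example (not code from the QRlogin project). The base URL https://qrlogin.example/ and all function names are assumptions; the page gives only the relative endpoint names, and the callback parameter names code and state follow standard OAuth 2.0.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: placeholder base URL; the page names only auth / token / ident.
QRLOGIN_BASE = "https://qrlogin.example/"


def client_id_for(redirect_uri):
    """client_id is the redirect_uri's domain, plus the port only if one is given."""
    parts = urlsplit(redirect_uri)
    if not parts.hostname:
        raise ValueError("redirect_uri has no domain")
    return parts.hostname if parts.port is None else f"{parts.hostname}:{parts.port}"


def begin_login(redirect_uri):
    """Step 1: return (URL to redirect the user-agent to, state to keep in the session)."""
    state = secrets.token_urlsafe(32)  # unpredictable CSRF token, one per login attempt
    query = urlencode({"redirect_uri": redirect_uri, "state": state})
    return f"{QRLOGIN_BASE}auth?{query}", state


def code_from_callback(callback_url, expected_state):
    """After redirection: check the state first, then return the one-time code."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: reject the callback")
    if len(params.get("code", [])) != 1:
        raise ValueError("callback must carry exactly one code")
    return params["code"][0]


def token_request(code, redirect_uri):
    """Step 2: URL and form body of the POST; this request invalidates the code."""
    body = urlencode({"code": code, "client_id": client_id_for(redirect_uri)})
    return f"{QRLOGIN_BASE}token", body


def identity_from_token_response(raw_json):
    """Accept only a Bearer response that carries a non-empty identity string."""
    doc = json.loads(raw_json)
    identity = doc.get("identity")
    if doc.get("token_type") != "Bearer" or not isinstance(identity, str) or not identity:
        raise ValueError("unexpected token response")
    return identity
```

Store the state from begin_login in the user's server-side session and discard it after one callback, so a replayed or forged redirect fails the check.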

Sources available at:

About the author

Ondřej Novák