Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Custom registration

QR registration example

search

QR registration example

This shows how you might implement a QR registration. The scripts are based on the following flow:

  1. The user logs in on the website or portal with their credentials.

  2. The website calls the OneWelcome Identity Platform on the backchannel endpoint.

  3. The OneWelcome Identity Platform triggers the backchannel script for this identity provider and returns the result to the website.

  4. The website generates a QR code based on the response.

  5. The user scans this QR code with the mobile app.

  6. The mobile app calls the OneWelcome Identity Platform on the complete endpoint.

  7. The OneWelcome Identity Platform triggers the complete script and returns the result to the mobile app.

  8. The user is logged in with the mobile app if the result is successful.

Backchannel script

The backchannel script is the first part of QR registration. It is used as a way to interact with the OneWelcome Identity Platform (even before the actual user gets involved with their app or to poll the status). You can use this script to store data that is fetched later.

Two Main Flows:

  • Enrollment Status Check (handleEnrolQrStatus): If an identifier is provided, it checks whether the user has completed the login process associated with that identifier.
  • Registration Initialization (initQrCodeRegistration): If no identifier is provided, it starts a new registration by generating a unique identifier and associating it with the user's data.

Example request to the backchannel script to Initate QR registration

In the example, a userId is sent to be stored and then fetched during the complete script. Below is a sample string that sends a userId in the requestPayload.

{
    "data": "{\"userId\":\"exampleUserId\"}"
}

Example script

function execute(requestPayload) {
  function handleEnrolQrStatus(identifier) {
    var data = CACHE.fetch(identifier);
    if (data != null) {
      var parsedData = JSON.parse(data);
      if(parsedData.loggedIn === true){
        CACHE.delete(identifier);
        return {
          status: 2000,
          responsePayload: data
        };
      }
    }
    return {
      status: 2000,
      responsePayload: JSON.stringify( {loggedIn: false})
    }
  }

  function initQrCodeRegistration() {
    var identifier = java.util.UUID.randomUUID().toString();
    var userId = JSON.parse(requestPayload).userId;
    // Store any data you need
    CACHE.store(identifier, JSON.stringify({userId: userId}));
    LOG.info("storing userId: {}", userId);

    return {
      status: 2000,
      responsePayload: identifier
    };
  }
  LOG.info("requestPayload: {}", requestPayload);
  var identifier = JSON.parse(requestPayload).identifier;
  if (identifier != null) {
    return handleEnrolQrStatus(identifier);
  } else {
    return initQrCodeRegistration();
  }
}

For variables that differ per environment, such as URLs, or that contain sensitive data, such as passwords, use properties

It uses the cache and sets a specific time-to-live (TTL).

Example response

Here is an example response you'd get from the script above. As part of the QR flow, parse the identifier and then embed it in the QR code.

{
   "data": "e2048242-085f-4210-93ff-84df1fcd8ce2", 
   "status": 2000
}

Complete script

The complete script is the second part of QR registration. In this step, the mobile app allows the user to scan the generated QR code, parse the data that is embedded in it, and then send that to the Mobile SDK. In our example, the identifier JSON is sent with the complete request, so that it can be used to fetch the userId that was stored earlier. The JSON below is a sample of what you need to send to the Mobile SDK. The Mobile SDK automatically escapes it when it sends the request to the OneWelcome Identity Platform.

Example string sent to the Mobile SDK

"e2048242-085f-4210-93ff-84df1fcd8ce2"

Example script

function execute(requestPayload){
  var userId = CACHE.fetch(requestPayload);
  LOG.info("retrieved from cache: {}", userId);

  // You may want to delete the entry so the same request cannot be made again
  var status = 2000;

  if (userId){

    var loggedIn = true;
    var parsedUserId = JSON.parse(userId);
    var responseData = {loggedIn: true, userId:parsedUserId.userId};
    CACHE.delete(requestPayload);

    CACHE.store(requestPayload, JSON.stringify(responseData));
  } else {
    status = 5000;
  }

  return {
    status: status,
    user: {
      id: JSON.parse(userId).userId
    }
  };
}

On this page