Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Custom registration

QR registration example

search
printsuggest an editpdf paneldownload

QR registration example

This shows how you might implement a QR registration. The scripts are based on the following flow:

  1. The user logs in on the website or portal with their credentials.

  2. The website calls the OneWelcome Identity Platform on the backchannel endpoint.

  3. The OneWelcome Identity Platform triggers the backchannel script for this identity provider and returns the result to the website.

  4. The website generates a QR code based on the response.

  5. The user scans this QR code with the mobile app.

  6. The mobile app calls the OneWelcome Identity Platform on the complete endpoint.

  7. The OneWelcome Identity Platform triggers the complete script and returns the result to the mobile app.

  8. The user is logged in with the mobile app if the result is successful.

copy link to clipboardBackchannel script

The backchannel script is the first part of QR registration. It is used as a way to interact with the OneWelcome Identity Platform (even before the actual user gets involved with their app or to poll the status). You can use this script to store data that is fetched later.

copy link to clipboardTwo Main Flows:

  • Enrollment Status Check (handleEnrolQrStatus): If an identifier is provided, it checks whether the user has completed the login process associated with that identifier.
  • Registration Initialization (initQrCodeRegistration): If no identifier is provided, it starts a new registration by generating a unique identifier and associating it with the user's data.

copy link to clipboardExample request to the backchannel script to Initiate QR registration

In the example, a userId is sent to be stored and then fetched during the complete script. Below is a sample string that sends a userId in the requestPayload.

{
    "data": "{\"userId\":\"exampleUserId\"}"
}

copy link to clipboardExample script

function execute(requestPayload) {
  function handleEnrolQrStatus(identifier) {
    var data = CACHE.fetch(identifier);
    if (data != null) {
      var parsedData = JSON.parse(data);
      if(parsedData.loggedIn === true){
        CACHE.delete(identifier);
        return {
          status: 2000,
          responsePayload: data
        };
      }
    }
    return {
      status: 2000,
      responsePayload: JSON.stringify( {loggedIn: false})
    }
  }

  function initQrCodeRegistration() {
    var identifier = java.util.UUID.randomUUID().toString();
    var userId = JSON.parse(requestPayload).userId;
    // Store any data you need
    CACHE.store(identifier, JSON.stringify({userId: userId}));
    LOG.info("storing userId: {}", userId);

    return {
      status: 2000,
      responsePayload: identifier
    };
  }
  LOG.info("requestPayload: {}", requestPayload);
  var identifier = JSON.parse(requestPayload).identifier;
  if (identifier != null) {
    return handleEnrolQrStatus(identifier);
  } else {
    return initQrCodeRegistration();
  }
}

For variables that differ per environment, such as URLs, or that contain sensitive data, such as passwords, use properties.

It uses the cache and sets a specific time-to-live (TTL).

copy link to clipboardExample response

Here is an example response you'd get from the script above. As part of the QR flow, parse the identifier and then embed it in the QR code.

{
   "data": "e2048242-085f-4210-93ff-84df1fcd8ce2",
   "status": 2000
}

copy link to clipboardComplete script

The complete script is the second part of QR registration. In this step, the mobile app allows the user to scan the generated QR code, parse the data that is embedded in it, and then send that to the Mobile SDK. In our example, the identifier JSON is sent with the complete request, so that it can be used to fetch the userId that was stored earlier. The JSON below is a sample of what you need to send to the Mobile SDK. The Mobile SDK automatically escapes it when it sends the request to the OneWelcome Identity Platform.

copy link to clipboardExample string sent to the Mobile SDK

"e2048242-085f-4210-93ff-84df1fcd8ce2"

copy link to clipboardExample script

function execute(requestPayload){
  var userId = CACHE.fetch(requestPayload);
  LOG.info("retrieved from cache: {}", userId);

  // You may want to delete the entry so the same request cannot be made again
  var status = 2000;

  if (userId){

    var loggedIn = true;
    var parsedUserId = JSON.parse(userId);
    var responseData = {loggedIn: true, userId:parsedUserId.userId};
    CACHE.delete(requestPayload);

    CACHE.store(requestPayload, JSON.stringify(responseData));
  } else {
    status = 5000;
  }

  return {
    status: status,
    user: {
      id: JSON.parse(userId).userId
    }
  };
}

On this page