Do you really understand the principle of code scanning login?

Why should we understand the principle of scanning code login ？

Login by scanning QR code has become a common login method , This method can quickly log in without entering user name and password , It involves PC End 、 Interaction between mobile terminal and server terminal , Whether for front-end developers or back-end developers , Mastering the principle of code scanning login can help us design a set of login mechanism to serve our own applications .

The main stage of code scanning login

Stage 1： To be scanned

The phase to be scanned is PC The process of interaction between client and server , It mainly includes the following steps ：

1. PC The terminal carries its own device information , Send a request to the server to obtain QR code information .
2. The server generates a unique QR code ID, And bind with this device .
3. Service end-to-end PC End return QR code ID.
4. PC According to the QR code ID Display QR code for mobile terminal scanning .
5. PC Start a timer , Regularly poll the server , Query the status of QR code , Is it scanned , If it hasn't been scanned for a while , The QR code will fail .

Stage 2： Scanned for confirmation

This stage is mainly the interaction process between the mobile terminal and the server , It mainly includes the following steps ：

6. Scan QR code at mobile terminal , Get QR code ID.
7. The mobile terminal will its own identity information token, And send the scanned QR code information to the server .
8. The server sends the QR code ID Bind with identity information , Generate temporary token.
9. The server will temporarily token Back to the mobile . This temporary token Can be used as a credential to confirm login .
10. PC The terminal will poll the status of the QR code , Update the status of QR code to be confirmed .

Stage 3： Confirmed phase

The confirmed stage mainly includes the following steps ：

11. The mobile terminal carries temporary equipment token, Confirm login .
12. The server receives a temporary message token after , After verification , The status of QR code will be changed to confirmed , Then generate PC End token.
13. PC The terminal will poll the status of the QR code , And change to confirmed .
14. Service end-to-end PC The terminal sends QR code status and PC End token.
15. PC End by virtue PC End token Access server API.

Overall flow chart