Authenticated User from desktop to mobile

Hello there,

I’m stuck on things that I have no idea how to solve and I didn’t find any example on that.
Imagine that you are authenticated in a web application using OIDC. At some stage, you have to scan a QR code, move to your mobile, and take a selfie.

How to do that without requiring the user to log in again?
How to use the same token or session for the authenticated user in an external device?

The application is the same…

Thanks everybody

You could have the QR code encode an action token link. This requires extending the server to create a new action token and handler, but this is a great use case for it. Action token documentation is here: Server Developer Guide

1 Like

Thank you!

Actually, I have the Action Token API and Action Handler implemented, but I don’t know how to redirect after the handler. I have the page with the QR code generated by the ActionToken; the user scans this QR code with the mobile device and, after the handler validates the token, it should redirect the user to another page in the same app.

The handleToken method of the handler returns a Response, which can be a redirect. E.g.

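  @Override
  public Response handleToken(
      MyActionToken token,
      ActionTokenContext<MyActionToken> tokenContext) {
    // do some verification and setup
    // URI.create avoids the checked URISyntaxException that new URI(...) throws,
    // which this overridden method does not declare
    URI uri = URI.create("https://example.com/where/i/want/to/redirect/the/user");
    return Response.seeOther(uri).build();
  }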

Here’s the Response javadoc: Response (Java(TM) EE 7 Specification APIs)

1 Like
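
As an added illustration (not part of the thread, and not Keycloak's action token API or implementation), this stand-alone Java sketch shows the checks a QR handoff link needs before the handler issues its redirect: a valid signature, a short expiry, single use, and a redirect target fixed on the server rather than read from the link. The class `HandoffLinks`, the `userId|expiry|nonce` layout, the demo key and the `app.example.com` URL are all assumptions; it also assumes user ids contain no `|`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-alone sketch; none of these names come from Keycloak.
public class HandoffLinks {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final URI SELFIE_PAGE = URI.create("https://app.example.com/selfie"); // fixed, never from the link
    private final byte[] key;
    private final Set<String> usedNonces = ConcurrentHashMap.newKeySet();
    public HandoffLinks(byte[] key) { this.key = key.clone(); }
    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }
    // Value to embed in the QR link: base64url(userId|expiry|nonce) + "." + HMAC.
    public String issue(String userId, Instant now, long ttlSeconds) throws Exception {
        String payload = userId + "|" + now.plusSeconds(ttlSeconds).getEpochSecond() + "|" + UUID.randomUUID();
        return B64.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "." + sign(payload);
    }
    // Handler side: yields (user, redirect) only for an authentic, unexpired, unused token.
    public Optional<Map.Entry<String, URI>> redeem(String token, Instant now) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 2) return Optional.empty();
        String payload;
        try { payload = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8); }
        catch (IllegalArgumentException e) { return Optional.empty(); }
        byte[] expected = sign(payload).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, parts[1].getBytes(StandardCharsets.UTF_8))) return Optional.empty();
        String[] f = payload.split("\\|");
        if (f.length != 3 || now.getEpochSecond() >= Long.parseLong(f[1])) return Optional.empty();
        if (!usedNonces.add(f[2])) return Optional.empty(); // nonce already seen: second scan of the same QR
        return Optional.of(Map.entry(f[0], SELFIE_PAGE));
    }
    public static void main(String[] args) throws Exception {
        HandoffLinks links = new HandoffLinks("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        Instant t0 = Instant.now();
        String token = links.issue("user-123", t0, 120); // constructed sample user id
        System.out.println(links.redeem(token, t0.plusSeconds(30)));  // first scan, inside the TTL
        System.out.println(links.redeem(token, t0.plusSeconds(31)));  // same token presented again
        System.out.println(links.redeem(links.issue("user-123", t0, 120), t0.plusSeconds(121))); // past expiry
    }
}
```

The nonce set here lives in one process and is never pruned; a deployment with several nodes would keep used nonces in shared storage and drop each one once its token has expired.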

Great! Thank you very much. I’m going to implement it and come back here to share the results.

1 Like

Please do! This is a really neat use case. I imagine there are other users that will have a similar requirement of “doing X on a phone”, and using a QR code that embeds an Action Token link is a great way to solve it.

1 Like