Skip to content

Login QR⚓︎

The nextAuth login QR codes contain less data then the nextAuth enrol QR codes. But other then that, scanning the QR code and starting a session are identical to the ones described in setting up your first account. The Mobile SDK differentiates between the two types of QR codes and tells the app how to proceed through callbacks. The expected callbacks are therefore be different, and are described below.

Tip

Avoid displaying an enrol QR and login QR code on the same page, as the camera might scan the other QR code and not the one intended by the user.

Info

If you scan a login QR code for a server on which the user has no account in the app yet, you will get back a UserErrorMessage with code 34 - No Accounts Found for Server.

Handle Callbacks⚓︎

The expected sequence of callbacks/notifications to be handled is as follows:

  1. ConfirmLogin -- asking the user to confirm logging in. See here for more information.
  2. SecondFactor with VERIFY as its context -- asking the user to enter their second factor for verification. See here for more information.
  3. SecondFactor with SUCCESS as its result -- acknowledging that the second factor has been verified.
  4. SessionLogin -- acknowledging that the user is now logged in.
  1. willConfirmLoginFor -- asking the user to confirm logging in. See here for more information.
  2. didStartSecondFactorWith with VERIFY as its context -- asking the user to enter their second factor for verification. See here for more information.
  3. didUpdateSecondFactorWith with SUCCESS as its result -- acknowledging that the second factor has been verified.
  4. sessionUpdate -- acknowledging that the user is now logged in.

Info

If automaticallySelectSingleAccountWhenSecondFactorNeeded is set to true in the SDK Configuration, the ConfirmLogin callback will only be shown if the user either:

  • needs to select one account to login in with (i.e., the app has multiple accounts at this server, for which the login QR code was generated, to choose from), or
  • needs to confirm their intent (i.e., when the user does not need to input a second factor and hence cannot confirm their intent there).

Info

The SecondFactor callbacks are conditional on the server (for which the login QR code was generated) being configured to:

  1. require a second factor, and
  2. only require the second factor once every pinTimeout.

Furthermore, even if a second factor was previously entered by the user in the specified pinTimeout, a more specific pinTimeout can be requested from the server SDK for generating the login QR code.