QR Device Registration

This guide describes how to enable and use the QR Device Registration feature. QR Device Registration lets users enroll their mobile devices without going through the cumbersome manual authorization process, which usually includes typing a complex password in the device's browser. Instead, the user selects the add device option on their personal dashboard page (the user must have a valid session at the portal) and scans the presented QR code with a mobile application that uses the Onegini Mobile SDK in order to get the application ready.

This chapter focuses only on the parts that are specific to the Onegini IdP. Any other configuration details are covered in the Onegini Token Server product documentation.

Prerequisites

To successfully complete this topic guide, ensure that the following prerequisites are met:

  • the Onegini IdP instance must be running; for the sake of this guide we assume it is available at http://idp-core.dev.onegini.me
  • access to the Onegini IdP's admin console
  • integration with the Onegini Token Server must be configured in the Onegini IdP's admin panel
  • mobile authentication feature must be enabled in the Onegini IdP's admin panel
  • the Onegini Token Server must be properly configured and integrated with Onegini Extension Engine
  • the Onegini Token Server must have an Identity Provider of type CUSTOM_API_ONE_STEP configured
  • a mobile application that uses the Onegini Mobile SDK and is integrated with the Onegini Token Server must be available

Integration

If all prerequisites are met, the Onegini IdP returns a showRegisterDeviceButton model attribute with the value true to the dashboard_connected_devices Thymeleaf fragment. Use it as the indicator for rendering the feature's entry point.

The flow

QR Device Registration is based on the Onegini Token Server's Custom Registration feature, which requires the Onegini Extension Engine integration to be present. The Onegini IdP initializes the process by calling the backchannel API, providing the identifier of the currently logged-in person and the callback URL on which it expects to receive a notification once the device registration finishes. The callback's base URL originates from the IDP_HOST_URL configuration property, which should be available in one of the application's property sources. The Onegini Token Server responds with a transaction identifier, a data fragment that is meant to feed the QR code, and the transaction validity time. If the user is not able to finalise the process within the given time, the Onegini IdP automatically reinitializes it, which results in the QR code being re-rendered. Once the QR code is successfully scanned, the user is prompted to create a new PIN code in the mobile application, and the newly registered device is listed as trusted in the Onegini IdP.
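
The transaction lifecycle described above can be modelled as follows. This is an added example, not Onegini code: FakeTokenServer, QrRegistration, the callback path and the 120-second validity time are hypothetical names and values chosen for illustration, and the real backchannel API is documented with the Onegini Token Server.

```python
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

IDP_HOST_URL = "http://idp-core.dev.onegini.me"  # base URL assumed in this guide

@dataclass
class Transaction:              # the three values the flow says are returned
    transaction_id: str
    qr_data: str
    expires_at: float

class FakeTokenServer:
    """Constructed stand-in for the backchannel API; not the real interface."""
    def start(self, person_id, callback_url, now, ttl=120.0):
        tid = secrets.token_urlsafe(16)
        return Transaction(tid, "qr:" + tid, now + ttl)

class QrRegistration:
    """IdP-side state for one logged-in person (hypothetical model)."""
    def __init__(self, server, person_id):
        self.server, self.person_id = server, person_id
        self.current, self.trusted = None, False

    def callback_url(self):
        # Built from configuration only, never from request data.
        base = urlsplit(IDP_HOST_URL)
        if base.scheme not in ("http", "https") or not base.netloc:
            raise ValueError("IDP_HOST_URL must be an absolute URL")
        return f"{base.scheme}://{base.netloc}/hypothetical/device-registered"

    def qr_for_page(self, now):
        # Start a transaction, or reinitialize once the validity time has passed.
        if self.current is None or now >= self.current.expires_at:
            self.current = self.server.start(
                self.person_id, self.callback_url(), now)
        return self.current.qr_data

    def on_callback(self, transaction_id, now):
        # Accept only the live transaction, before expiry, and only once.
        tx = self.current
        if tx is None or now >= tx.expires_at:
            return False
        if not secrets.compare_digest(tx.transaction_id.encode(),
                                      transaction_id.encode()):
            return False
        self.current, self.trusted = None, True
        return True
```

A callback that names a superseded or expired transaction, or that repeats one already consumed, leaves the device list unchanged in this model.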