QR code login for another device in mobile app

NOVASOLUTIONS.TECHNOLOGY is engaged in the development, support and maintenance of iOS, Android, PWA mobile applications. We have extensive experience and expertise in publishing mobile applications in popular markets like Google Play, App Store, Amazon, AppGallery and others.
8+Years of work900+Completed projects100+In house employees19+Partners
Development and support of all types of mobile applications:
Information and entertainment mobile applications
News apps, games, reference guides, online catalogs, weather apps, fitness and health apps, travel apps, educational apps, social networks and messengers, quizzes, blogs and podcasts, forums, aggregators
E-commerce mobile applications
Online stores, B2B apps, marketplaces, online exchanges, cashback services, exchanges, dropshipping platforms, loyalty programs, food and goods delivery, payment systems.
Business process management mobile applications
CRM systems, ERP systems, project management, sales team tools, financial management, production management, logistics and delivery management, HR management, data monitoring systems
Electronic services mobile applications
Classified ads platforms, online schools, online cinemas, electronic service platforms, cashback platforms, video hosting, thematic portals, online booking and scheduling platforms, online trading platforms

These are just some of the types of mobile applications we work with, and each of them may have its own specific features and functionality, tailored to the specific needs and goals of the client.

Offered services
Showing 1 of 1 servicesAll 1735 services
QR code login for another device in mobile app
Medium
~2-3 business days
FAQ
Our competencies:
Development stages
Latest works
  • image_mobile-applications_feedme_467_0.webp
    Development of a mobile application for FEEDME
    756
  • image_mobile-applications_xoomer_471_0.webp
    Development of a mobile application for XOOMER
    624
  • image_mobile-applications_rhl_428_0.webp
    Development of a mobile application for RHL
    1052
  • image_mobile-applications_zippy_411_0.webp
    Development of a mobile application for ZIPPY
    947
  • image_mobile-applications_affhome_429_0.webp
    Development of a mobile application for Affhome
    862
  • image_mobile-applications_flavors_409_0.webp
    Development of a mobile application for the FLAVORS company
    445
Show more works

QR Code Authorization Implementation on Another Device

QR authorization — user already logged in mobile app, opens website or tablet, and instead of entering password, scans QR code with phone. Telegram Web, WhatsApp Web, Steam use this exact mechanics. Convenient and secure: credentials not entered on second device.

Authorization Protocol

Works via temporary challenge:

  1. Second device (web/tablet) requests temporary session_token and qr_id from backend.
  2. Displays QR code with content: yourapp://qr-auth?token={session_token}.
  3. Web starts polling or subscribes to WebSocket event by qr_id.
  4. User scans QR with phone — app decodes session_token.
  5. Phone sends to backend: "User X authorizes session session_token".
  6. Backend checks session_token exists and not expired, creates session for second device.
  7. Second device gets access_token via WebSocket or next polling request.

session_token lives 2–5 minutes. After use — immediately invalidated. Reuse impossible.

Mobile Implementation

Phone scans QR and confirms authorization:

class QRAuthViewModel(
    private val qrAuthRepository: QRAuthRepository,
    private val cameraManager: CameraManager
) : ViewModel() {

    fun onQRScanned(qrContent: String) {
        val token = parseQRToken(qrContent) ?: run {
            _state.value = QRAuthState.InvalidQR
            return
        }
        // Show confirmation screen before sending request
        _state.value = QRAuthState.ConfirmationRequired(token)
    }

    fun confirmAuthorization(token: String, deviceInfo: DeviceInfo) {
        viewModelScope.launch {
            _state.value = QRAuthState.Loading
            qrAuthRepository.authorizeQRSession(
                sessionToken = token,
                deviceName = deviceInfo.name,
                deviceType = deviceInfo.type
            ).fold(
                onSuccess = { _state.value = QRAuthState.Authorized },
                onFailure = { e ->
                    _state.value = when (e) {
                        is TokenExpiredException -> QRAuthState.QRExpired
                        is AlreadyUsedException -> QRAuthState.QRAlreadyUsed
                        else -> QRAuthState.Error(e.message)
                    }
                }
            )
        }
    }
}

Confirmation screen — mandatory. User must explicitly tap "Log In" before session authorized. Without this — risk of accidental QR scan.

QR Generation and Display on Second Device

On web, QR updates on expiration — new request to backend for fresh session_token. Animated timer shows remaining time. Via WebSocket: { event: "qr_authorized", accessToken: "..." } — instant authorization without page reload.

On tablet (second mobile device) — same logic, only QR displayed via native library. On Android: zxing, on iOS: CIFilter.qrCodeGenerator.

Security

QR contains only temporary token — not credentials. Even if someone photographed QR — token expires within minutes or already used. HTTPS mandatory for all requests. Backend checks session_token created for same user_id that phone confirms.

QR authorization implementation (mobile scanner + backend protocol + web side): 2–3 weeks. Cost estimated individually.