Generating QR codes
PyBankID can generate the content of QR codes for you. There is a demo application in the examples folder of the repo, a Flask application called qrdemo, which shows one way to do authentication with animated QR codes.
The QR code content generation is done with the generate_qr_code_content method on the BankID client instances, or directly through the identically named function in the bankid.qr module. The method returns the string that the QR code should carry; rendering that string as an image is up to the application.
Below follows the app's README file, for your convenience.
QR Authentication Example
Making a simple authentication via QR code solution using Flask, Flask-Caching and PyBankID.
Running the application
1. Navigate your terminal to the same folder that this README.md resides in.
2. Create a virtualenv:
   python -m venv .venv
3. Activate it.
4. Install requirements:
   pip install -r requirements.txt
5. Run the Flask app.
   From Bash:
   $ export FLASK_APP=qrdemo.app:app
   $ flask run -h 0.0.0.0
   From PowerShell:
   > $env:FLASK_APP = "qrdemo.app:app"
   > flask run -h 0.0.0.0
The app can now be accessed from the running computer on http://127.0.0.1:5000 or http://localhost:5000, or from an external device on the same network on http://<ip for the running computer>:5000. Note that -h 0.0.0.0 binds the Flask development server to every network interface; that is what lets a phone on the same network reach the demo, but the development server is only meant for development use, not for serving this to untrusted networks.
Basic workflow
These are the steps that the application takes:
1. Ask the user for a Swedish Personal Identity Number (PN), or initiate an authentication without one.
2. Upon POSTing that PN to the backend, initiate a BankID authenticate session. The response carries the qrStartToken and qrStartSecret from which one can create QR code content using the client.generate_qr_code_content method.
3. Continuously update the QR code according to the description in the BankID Relying Party Guidelines Version 3.6, Chapter 4. The new QR code content to display MUST be fetched from the backend, since the qrStartSecret must never be shown to the user for the authentication to be trustworthy: the content is derived from that secret, so anyone who holds it can produce valid codes.
4. Also make collect calls to the BankID servers continuously and monitor whether the authentication is complete or has failed.
5. Redirect when complete or failed.
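The following is an added example, not PyBankID's own code nor code from the qrdemo app. It reconstructs the animated-QR scheme from the Relying Party Guidelines v3.6, chapter 4 (HMAC-SHA256 of the elapsed seconds, keyed with qrStartSecret, appended to "bankid.<qrStartToken>.<seconds>.") and pairs it with a small backend-side session object that hands the browser only the derived content, never the secret. The function and class names, the sample token and secret values, and the acceptance tolerance in verify_qr_content are assumptions made for this illustration; the real verification happens in BankID's infrastructure, not in the relying party.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field
from typing import Optional

# Reconstruction of the animated-QR scheme from the BankID Relying Party
# Guidelines v3.6, chapter 4 (illustrative code, not PyBankID's):
#   qrAuthCode = HMAC-SHA256(key=qrStartSecret, msg=qrTime), lowercase hex
#   qrData     = "bankid." + qrStartToken + "." + qrTime + "." + qrAuthCode
# where qrTime is the number of whole seconds elapsed since the authenticate
# response carrying qrStartToken/qrStartSecret was received.


def qr_auth_code(qr_start_secret: str, qr_time: int) -> str:
    """HMAC-SHA256 of the elapsed-seconds string, keyed with qrStartSecret."""
    return hmac.new(
        qr_start_secret.encode("ascii"),
        str(qr_time).encode("ascii"),
        hashlib.sha256,
    ).hexdigest()


def generate_qr_content(qr_start_token: str, qr_start_secret: str, qr_time: int) -> str:
    """Build the string the QR code should carry during second `qr_time`."""
    return f"bankid.{qr_start_token}.{qr_time}.{qr_auth_code(qr_start_secret, qr_time)}"


def verify_qr_content(content: str, qr_start_token: str, qr_start_secret: str,
                      elapsed: int, tolerance: int = 2) -> bool:
    """What the verifying side must be able to do with a scanned string.

    The tolerance window is an assumption made for this illustration, not a
    value from the guidelines. The point is the dependency: checking a code
    requires qrStartSecret, so a secret leaked to the browser lets anyone
    mint codes that pass this check.
    """
    parts = content.split(".")
    if len(parts) != 4 or parts[0] != "bankid":
        return False
    token, qr_time_str, code = parts[1:]
    if token != qr_start_token or not qr_time_str.isdigit():
        return False
    qr_time = int(qr_time_str)
    if abs(qr_time - elapsed) > tolerance:
        return False  # stale or replayed code
    return hmac.compare_digest(code, qr_auth_code(qr_start_secret, qr_time))


@dataclass
class QrSession:
    """Backend-side state for one authenticate order, as a cache would hold it.

    The secret lives here and only here; the browser polls public_view().
    """
    order_ref: str
    qr_start_token: str
    qr_start_secret: str
    started_at: float = field(default_factory=time.time)

    def current_qr_content(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        return generate_qr_content(self.qr_start_token, self.qr_start_secret,
                                   int(now - self.started_at))

    def public_view(self, now: Optional[float] = None) -> dict:
        """The JSON the browser may poll for: fresh QR content, no secret."""
        return {"orderRef": self.order_ref,
                "qrContent": self.current_qr_content(now)}


if __name__ == "__main__":
    # Constructed sample values standing in for a real authenticate response.
    session = QrSession("order-demo", "qr-start-token-demo",
                        "qr-start-secret-demo", started_at=1000.0)
    for t in (1000.0, 1001.0, 1002.0):
        print(session.public_view(now=t)["qrContent"])
```

A backend endpoint that the browser polls once per second would look up the QrSession by orderRef in the cache and return public_view(); the secret never appears in any response, and the elapsed-seconds counter is taken from the server clock, so a slow or tampering client cannot make the backend emit codes for a time of its choosing.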
Missing components
There are a few shortcuts taken here:
- There is no error handling of status: failed results when collecting the authentication response.
- There is no Recommended User Messages (RFA) handling. It merely displays the status and hintCode from the collect response.
- The cache is an in-process memory cache on this single-instance web app. Running more than one instance would require a cache shared between them, because the QR polling and collect calls for an order must reach the instance that holds its qrStartSecret.