How QR Code Scan Login Works

 

Logging in by scanning a QR code is now quite common, for example on the PC clients of WeChat and Alipay, and it seems that every app supports scan login; an app without it is almost embarrassing. As a technician, I don't know whether you are interested in the logic behind it, but I have always been curious about how it is implemented. I recently came across a video on how scan login works, so I put together this article, and I hope it helps you.

This article covers three topics:

  • What a QR code is.
  • Token-based authentication on the mobile side.
  • How QR code scan login works.

1. What is a QR code

A two-dimensional barcode is also called a 2D code. The most common kind is the QR Code, where QR stands for Quick Response. It is an encoding format that has become extremely popular on mobile devices in recent years; compared with the traditional barcode it can store more information and represent more data types. ---- from Baidu Encyclopedia

Products usually carry a barcode, also called a one-dimensional code, which can only express a string of digits. A QR code is much richer than a barcode: it can store numbers, strings, pictures, files and so on. For example, we can store www.baidu.com in a QR code, and scanning that QR code gives us the Baidu address.

Words alone may make this hard to grasp. You can search Baidu for 草料二维码 (Caoliao QR Code), a QR code generation and decoding tool; play with it and you will see what a QR code is.


2. Token-based authentication on the mobile side

Before looking at how scan login works, it is worth first understanding the token-based authentication mechanism used on the mobile side, which helps a great deal in understanding scan login. Token-based authentication differs considerably from the familiar account-and-password method and has a higher safety factor: if the account and password were sent for verification on every request, the probability of their being hijacked would increase.

The flowchart of the token-based authentication mechanism is shown below:

[Figure: token-based authentication mechanism]

With token-based authentication, the account and password need to be entered only the first time; subsequent use does not require them. In fact, at login the client sends not only the account and password but also the phone's device information. Once the server has verified that the account and password are correct, it does two things.

First, it associates the account with the device; in a sense, the device information now stands for the account.

Second, it generates a token and associates the token with the account and the device, much like a key/value pair: the token is the key, the account and device information are the value, and the pair is persisted to disk.

The token is returned to the mobile client, which stores it locally. From then on the mobile client accesses the server API with the token. Besides the token, it must also send the device information, because the token might be hijacked. With the device information attached, it does not matter even if the token is hijacked, because the device information is unique, so a token presented without the matching device information is rejected.

This is the token-based authentication mechanism: it turns the account and password into a token plus device information, which raises the safety factor. Do not underestimate this token; it is the identity credential, and it will be used during scan login.

3. How QR code scan login works

Now that we understand token-based authentication on the mobile side, we come to our main topic: how QR code scan login works. First, the flowchart of QR code scan login:

[Figure: the complete scan login flow]

Scan login can be divided into three stages: waiting to be scanned, scanned and awaiting confirmation, and confirmed. Let's look at these three stages one by one.

1. Waiting-to-be-scanned stage

The waiting-to-be-scanned stage covers steps 1 to 5 of the flowchart, i.e. the QR code generation stage. It has nothing to do with the mobile client; it is an interaction between the PC side and the server.

[Figure: QR code waiting to be scanned]

First the PC side, carrying its device information, sends the server a request to generate a QR code. The server generates a unique QR code ID, which you can think of as a UUID, and associates the QR code ID with the PC's device information. This is somewhat similar to login on the mobile side.

After the PC side receives the QR code ID, it displays the QR code ID as a QR code and waits for the mobile client to scan it. At this point the PC side starts a timer and polls the server for the status of the QR code. If the mobile client does not scan it, the QR code is deactivated after some time.

2. Scanned, awaiting confirmation stage

This stage covers steps 6 to 10 of the flowchart. When we log in to the WeChat PC client and scan the code with the phone, the QR code on the PC changes to "scanned, please confirm on your phone". This stage is the interaction between the mobile client and the server.

[Figure: QR code awaiting confirmation]

First the mobile client scans the QR code and obtains the QR code ID, then sends the phone's login credential (the token) and the QR code ID to the server as parameters. At this point the phone must already be logged in; the case of a phone that is not logged in does not arise.

After accepting the request, the server associates the token with the QR code ID. Why is this association needed? Think about it: when we use WeChat and log out on the mobile side, shouldn't the PC side be logged out as well? The association plays a part in that. The server then generates a one-time token and returns it to the mobile client, to be used as a single-use credential at confirmation.

When the PC-side timer's poll sees that the QR code status has changed, the PC updates the QR code display to "scanned, please confirm".

3. Confirmed stage

This stage covers steps 11 to 15 of the flowchart and is the final stage of scan login. The mobile client, carrying the temporary token obtained in the previous step, confirms the login. Once the server has finished verifying it, the server updates the QR code status and generates a formal token for the PC side; afterwards the PC side uses this token to access the server.

[Figure: mobile client confirms the login]

When the PC-side timer's poll sees that the QR code status is "logged in", it obtains the generated token and completes the login; subsequent access is based on the token.

As on the mobile side, the server maintains the association between the token and information such as the QR code, the PC device information and the account.
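The three stages above, together with the token and device binding from section 2, as an added Python example that is not part of the original article. The class, method and state names, the in-memory dictionaries, the 120-second lifetime and the choice to deactivate the code after a wrong one-time token are all assumptions.

```python
import time
from secrets import compare_digest, token_urlsafe

class QrLoginServer:  # constructed in-memory model; all names are assumptions
    def __init__(self):
        self.tokens, self.qrs = {}, {}  # token -> (account, device); QR ID -> record

    def issue_token(self, account, device):  # after a password check (omitted)
        token = token_urlsafe(32)
        self.tokens[token] = (account, device)
        return token

    def _account(self, token, device):  # a token only counts with its device
        account, bound = self.tokens.get(token, (None, None))
        return account if bound == device else None
    def _live(self, qr_id, state):  # QR record if in `state` and not timed out
        qr = self.qrs.get(qr_id)
        ok = qr and qr["state"] == state and time.time() <= qr["expires"]
        return qr if ok else None

    def create_qr(self, pc_device):  # steps 1-5: waiting to be scanned
        qr_id = token_urlsafe(16)
        self.qrs[qr_id] = {"state": "WAITING", "pc": pc_device,
                           "expires": time.time() + 120}  # lifetime assumed
        return qr_id

    def scan(self, qr_id, token, device):  # steps 6-10: scanned, unconfirmed
        account, qr = self._account(token, device), self._live(qr_id, "WAITING")
        if not account or not qr:
            return None
        qr.update(state="SCANNED", account=account, confirm=token_urlsafe(16))
        return qr["confirm"]

    def confirm(self, qr_id, token, device, one_time):  # steps 11-15
        account, qr = self._account(token, device), self._live(qr_id, "SCANNED")
        if not account or not qr or qr["account"] != account:
            return False
        ok = compare_digest(qr.pop("confirm"), one_time)  # single use
        qr["state"] = "CONFIRMED" if ok else "EXPIRED"
        return ok

    def poll(self, qr_id, pc_device):  # called by the PC-side timer
        qr = self.qrs.get(qr_id)
        if not qr or qr["pc"] != pc_device:
            return ("UNKNOWN", None)
        if qr["state"] == "CONFIRMED":
            del self.qrs[qr_id]  # the formal PC token is handed out once
            return ("CONFIRMED", self.issue_token(qr["account"], pc_device))
        return ("EXPIRED" if time.time() > qr["expires"] else qr["state"], None)
```

The PC only ever learns the QR code ID and, after confirmation, its own token; the phone's token never reaches the PC, and a poll from a device other than the one that requested the code gets nothing.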

That is all on how QR code scan login works. The principle is not hard to understand and bears some resemblance to OAuth2.0, but implementing it may be more complicated.

 

 

Reposted from: https://www.cnblogs.com/jamaler/p/12610349.html


Origin www.cnblogs.com/luoxiaoxiao102/p/12612723.html