***: mkb has quit IRC (Ping timeout: 240 seconds)
ziyourenxiang has joined #arpnetworks
ziyourenxiang has quit IRC (Quit: Leaving)
dj_goku has quit IRC (Remote host closed the connection)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
mkb_ is now known as mkb
nathani: What technology does Whatsapp Web utilize to sync a QR Code with a mobile device, or is that they pretty much rolled their own proprietary solution?
hazardous: ..?
wait, do you mean log in with qr or something
nathani: yea the login
hazardous: it's pretty much an authentication code / attestation, many chinese sites do this
tencent games all do qr login
because people have to sign in via cybercafe computers that are unsafe/keylogged
nathani: it is straightforward to implement?
hazardous: you scan the qr random token on your phone, enter u/p on your phone (in the app where the token is also attached/read), and they 'approve' that qr random token for login
nathani: are there libraries etc out there for programmers?
hazardous: think of it as basically clicking a oauth button
except more state is handled by the server
not sure if there are libraries, i rarely if ever see this auth flow outside of asia
tl;dr afaik is session: asdfjkl (in QR; actually some maximally long crypto-random token) / app: scans qr and provides either existing token or a login window on a device you own; when you log in you basically tell it "tie this session to asdfjkl instead of creating a new one"
so in the browser afterward you just reload and your same cookie is already 'active'
nathani: right
hazardous: i feel like there's probably not much of a library thing for this, but it should just be the same as a login form except tracking active but not used yet tokens in redis or something
and when they're consumed just dump it in your sessions db table or whatever
***: Nahual has quit IRC (Quit: Leaving.)
Lucifer333 has joined #arpnetworks