PyBankID can generate QR codes for you. There is a demo application in the examples folder of the repo, a Flask application called qrdemo, that shows one way to do authentication with animated QR codes.
The QR code content generation is done with the generate_qr_code_content method on the BankID Client instances, or directly through the identically named method in the bankid.qr module.
Below follows the app's README file, for your convenience.
Making a simple authentication via QR code solution using Flask, Flask-Caching and PyBankID.
- Navigate your terminal to the same folder that this README.md resides in.
- Create a virtualenv:

      python -m venv .venv

- Activate it.
- Install requirements:

      pip install -r requirements.txt

- Run Flask app:

  From Bash:

      $ export FLASK_APP=qrdemo.app:app
      $ flask run -h 0.0.0.0

  From PowerShell:

      > $env:FLASK_APP = "qrdemo.app:app"
      > flask run -h 0.0.0.0

The app can now be accessed from the running computer on http://127.0.0.1:5000, http://localhost:5000 or from an external device on the same network on http://<ip for the running computer>:5000.
These are the steps that the application takes:
- Ask the user for a Swedish Personal Identity Number (PN) or initiate an authentication without one.
- Upon POSTing that PN to the backend, initiate a BankID authenticate session. This generates tokens that one can create QR codes from using the client.generate_qr_code_content method.
- Continuously update the QR code according to the description in the BankID Relying Party Guidelines Version: 3.6 (see below, Chapter 4). The new QR code content to display MUST be fetched from the backend since the qrStartSecret must never be shown to the user for the authentication to be trustworthy.
- Also make collect calls to the BankID servers continuously and monitor if signing is complete or failed.
- Redirect when complete or failed.
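
The backend-only QR generation from the steps above, as an added example that is not code from qrdemo or PyBankID. It assumes the animated QR format of the BankID Relying Party Guidelines (bankid.<qrStartToken>.<elapsed seconds>.<HMAC-SHA256 of the elapsed seconds keyed with qrStartSecret>); the helper names, the dict used as cache and the sample values are hypothetical.

```python
import hashlib
import hmac
import math
import secrets

# In-memory stand-in for the demo's cache: opaque session id -> server-side QR state.
_SESSIONS = {}


def start_session(qr_start_token, qr_start_secret, started_at):
    """Keep the authenticate response server-side; return an opaque id for the browser."""
    session_id = secrets.token_urlsafe(16)
    _SESSIONS[session_id] = {
        "token": qr_start_token,
        "secret": qr_start_secret,  # stays on the backend, never sent to the client
        "started_at": started_at,
    }
    return session_id


def qr_content(session_id, now):
    """Return the QR string valid for the current second, or None if the session is unknown."""
    state = _SESSIONS.get(session_id)
    if state is None:
        return None
    # Whole seconds since the authenticate call; clamp to guard against clock skew.
    elapsed = max(0, int(math.floor(now - state["started_at"])))
    auth_code = hmac.new(
        state["secret"].encode(), str(elapsed).encode(), hashlib.sha256
    ).hexdigest()
    # Only the token, the counter and the derived code reach the browser.
    return f"bankid.{state['token']}.{elapsed}.{auth_code}"


# Constructed sample values, not real BankID tokens.
SAMPLE_TOKEN = "00000000-1111-2222-3333-444444444444"
SAMPLE_SECRET = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

if __name__ == "__main__":
    sid = start_session(SAMPLE_TOKEN, SAMPLE_SECRET, started_at=1000.0)
    for t in (1000.2, 1001.0, 1002.7):  # three polls from the frontend
        print(qr_content(sid, now=t))
```

The frontend polls with the session id only and renders whatever string comes back, so the code changes every second without the browser ever holding the key.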
There are a few shortcuts taken here:
- There is no error handling of status: failed results when collecting the authentication response.
- There is no Recommended User Messages (RFA) handling. It merely displays the status and hintCode from the collect response.
- The cache is a memory cache on this single instance web app.