
Remote Auth (Mobile)

Remote auth lets users log into the desktop client by using a logged-in mobile app to scan a QR code displayed on the logged-out desktop app.

Initializing

When a user scans a QR code, the mobile client does the following:

  1. First, the client parses the URL and checks that it's valid
  2. Next, the client extracts the "fingerprint" parameter from the URL (the value after /ra/)
  3. The client uses this "fingerprint" parameter to make a POST request to /users/@me/remote-auth with the following JSON-encoded body:

| field | type | description |
|---|---|---|
| fingerprint | string | value from the QR code |

This request causes the pending_finish OP to be emitted to the desktop client, which then displays the "confirm on your phone" message.

On success, the /users/@me/remote-auth endpoint responds with the following JSON-encoded body:

| field | type | description |
|---|---|---|
| handshake_token | string | used to refer to this remote auth session |

The handshake_token is then used to refer to the QR code session in subsequent requests.
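
The three initializing steps and the success response, as an added Python example (not code from this documentation or from any client). The https scheme, the placeholder host app.example.com, and the fingerprint alphabet and length limit are assumptions, since the page only says the fingerprint is the value after /ra/.

```python
import json
from urllib.parse import urlsplit

# Assumptions, not from the page: scheme, host allowlist, fingerprint alphabet and length.
ALLOWED_HOSTS = {"app.example.com"}  # placeholder host
FINGERPRINT_CHARS = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")
MAX_FINGERPRINT_LEN = 128
PREFIX = "/ra/"


class InvalidQRCode(ValueError):
    """The scanned text is not an acceptable remote-auth URL."""


def extract_fingerprint(qr_text: str) -> str:
    """Steps 1 and 2: validate the scanned URL and return the value after /ra/."""
    try:
        url = urlsplit(qr_text)
        port = url.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise InvalidQRCode("unparseable URL") from exc
    if url.scheme != "https":
        raise InvalidQRCode("scheme must be https")
    if url.username is not None or url.password is not None or port not in (None, 443):
        raise InvalidQRCode("userinfo or non-default port present")
    if url.hostname not in ALLOWED_HOSTS:  # exact match, so look-alike suffixes fail
        raise InvalidQRCode("unexpected host")
    if url.query or url.fragment or not url.path.startswith(PREFIX):
        raise InvalidQRCode("unexpected path, query or fragment")
    fingerprint = url.path[len(PREFIX):]
    if not 0 < len(fingerprint) <= MAX_FINGERPRINT_LEN:
        raise InvalidQRCode("fingerprint is empty or too long")
    if not set(fingerprint) <= FINGERPRINT_CHARS:  # rejects '/', '.', '%', whitespace
        raise InvalidQRCode("fingerprint contains unexpected characters")
    return fingerprint


def build_init_request(qr_text: str) -> tuple[str, str]:
    """Step 3: path and JSON body of the POST, built only from a validated URL."""
    return "/users/@me/remote-auth", json.dumps({"fingerprint": extract_fingerprint(qr_text)})


def parse_init_response(body: str) -> str:
    """Return handshake_token from the success body, rejecting any other shape."""
    data = json.loads(body)
    token = data.get("handshake_token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response has no handshake_token string")
    return token
```

Rejecting the URL before the POST matters because the request is sent with the logged-in mobile user's session, so an unvalidated QR payload should never reach it.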

From this point, one of two actions can be performed on the remote login session: a cancel or a finish.

Cancelling

Cancelling a login request causes the cancel OP to be emitted to the desktop client.

Cancelling a request can be done with a POST to /users/@me/remote-auth/cancel with the following body:

| field | type | description |
|---|---|---|
| handshake_token | string | token from POST to /users/@me/remote-auth |

This endpoint responds with a 204 on success.

Finishing

Finishing a login request causes the finish OP to be emitted to the desktop client.

Finishing a request can be done with a POST to /users/@me/remote-auth/finish with the following JSON-encoded body:

| field | type | description |
|---|---|---|
| handshake_token | string | token from POST to /users/@me/remote-auth |
| temporary_token | boolean | whether or not the resulting token should be "temporary"; currently must be false, or else you will receive a 500 |

This endpoint responds with a 204 on success.