Information Security 11 min read

Understanding the Mechanics of QR Code Login and Token‑Based Authentication

This article explains how QR code login works by describing QR code fundamentals, token‑based authentication, and the step‑by‑step process—including QR generation, scanning, state transitions, and final confirmation—that enables a mobile device to securely authenticate a PC session.

Architect's Guide

QR codes are ubiquitous in daily life, appearing in payments, system logins, and app downloads; understanding their underlying principles helps both developers and non‑technical users make informed choices and avoid scams.

QR code login is, at bottom, a form of authentication with the same two steps as any other: telling the system who you are, and proving it. Where password or OTP login has the user prove identity directly on the PC, here a mobile app that is already logged in proves it on the PC's behalf by scanning a QR code and confirming the login.

The article first introduces QR codes, comparing them to one‑dimensional barcodes, and notes that QR codes can encode any string, not just numbers. Online generators can convert text or URLs into QR images, and decoding tools can extract the embedded data.

Next, the token‑based authentication mechanism is described. After a successful password login, the server binds the account ID, device ID, and device type into a data structure and issues a token. The client stores this token and presents it with each API request; the server validates the token against the stored device information.

// Data structure the server binds after a successful password login and
// returns to the client as its token (keys normalized to camelCase;
// the original "acountid" was a typo)
const token = {
  accountId: '账号ID',                         // account ID
  deviceId: '登录的设备ID',                     // ID of the device that logged in
  deviceType: '设备类型,如 iso,android,pc......' // device type, e.g. iOS, Android, PC, ...
};

The QR‑code login flow consists of four main stages:

QR code preparation: the PC requests a unique QR ID from the server, which binds the ID to the PC’s device info and returns it; the PC then renders the QR code and polls the server for status updates.

Scanning state transition: the mobile app scans the QR code, extracts the QR ID, and sends the user’s identity plus the QR ID to the server, which creates a temporary token and updates the QR status to “scanned”.

Status confirmation: the mobile app shows a confirmation prompt; upon user approval, it sends the temporary token to the server, which generates the final login token for the PC.

Login completion: the PC receives the token via its polling request and can now access protected resources.

The article concludes by summarizing that QR‑code login hinges on two concepts—QR code fundamentals and token‑based authentication—and invites readers to explore variations such as third‑party QR logins (e.g., WeChat, QQ) for further study.

Tags: backend, Mobile Security, Authentication, login, token, QR code
Written by

Architect's Guide

Dedicated to sharing programmer-architect skills—Java backend, system, microservice, and distributed architectures—to help you become a senior architect.
