QR code mechanism
Mobile wallet QR code functionality
Last updated
Mobile wallet QR code functionality
Last updated
This section aims at assisting the developer with integrating the QR code protocol dAPI
into a dApp. This would allow the user to carry out services like login, invoke smart contracts, and more by scanning QR codes.
The parties involved in the process are:
The dApp
: Blanket term that representsdApps
developed for the users of Ontology ecosystem.
The Provider
: Wallets that support dAPI
, and adhere to it's specifications.
The following charts illustrate the login and smart contract invocation process.
Login
dApp
submits the QR code
The dApp
server executes the login method
The dApp
back end verifies the signature
Smart Contract Invocation
dApp
submits the QR code
Provider
initiates the transaction, the user authenticates and signs, the contract is pre-executed, the user confirms, the process is transmitted onto the chain, and at the end the transaction hash is returned to the dApp
back end
dApp
back end confirms whether the transaction event was a success or failure by querying the chain
The dAPI protocol currently supports login and smart contract deployment actions.
The standard for supported QR codes:
Specification for the above fields-
Field
Data type
Description
action
string
Describes the function of the QR code, login is defined as login
, and smart contract invocation is defined as invoke
id
string
A serial number (optional)
type
string
Login action using ONTID is defined asontid
, wallet address login is defined as account
dappName
string
Name of the dApp
dappIcon
string
dApp
icon resource (link)
message
string
Randomly generated, used for identity verification
expire
long
Unix timestamp (optional)
callback
string
The URL sent to the dApp
back end after the user scans the QR code and completes authentication
This interface is invoked after the wallet is done handling callback procedure. The server address must be an external IP address
Specification for the above fields-
Field
Data type
Description
action
string
Operation type
id
string
Serial number (optional)
params
string
Method arguments
type
string
Login action using ONTID is defined as ontid
, wallet address login is defined as account
user
string
The user account that authenticates the transaction - ontid
or wallet
address
message
string
Randomly generated, used for identity verification
publickey
string
Wallet account public key
signature
string
User's signature - private key
Success response:
Failure response:
This process is analogous to the login protocol in every aspect, with the difference being when the dApp
requests data signature the dApp
name and icon
are not required.
The QR code data of the data signature request looks like:
Multi-signature data model:
Field
Type
Description
action
string
Operation type
type
string
Login action using ONTID is defined asontid
, wallet address login is defined as address
, if left blank the field is set to address
by default
message
string
Randomly generated, used for identity verification
ishex
bool
Whether or not the message is a hex code
callback
string
The URL sent to the dApp
back end after the user scans the QR code and completes authentication
After the wallet's response is decoded by the URI decoder and the Base64 decoder, the resultant data follows the format illustrated below.
The success response returned to the callback address is of the form:
Transactions are also a feature of smart contracts. Here's the standard for smart contract invocation QR code:
Field
Data type
Description
action
string
Operation type, login is defined as login
, and smart contract invocation is defined as invoke
qrcodeUrl
string
QR code argument address
callback
string
Returns the transaction hash to the dApp
server side (optional)
expire
long
Unix timestamp of QR code expiration (optional)
The GET request content based on QR code's qrcodeUrl
is as follows:
A Base58 address, for e.g., AUr5QUfeBADq6BMY6Tp5yuMsUNGpsD7nLZ can be used to fill the %address
parameter. The wallet converts the %address
to the wallet's asset address. If the argument contains the %ontid
, the wallet converts it to the wallet's ontid
address.
When a smart contract is deployed, if the payer
is not specified in the QR code, it is taken from the wallet. If the payer
has been explicitly specified, the wallet verifies if the payer
specified is identical with the wallet's asset address.
The provider
initiates transactions, carries out user authentication and signature, pre-executes the contract, and finally passes the transaction has to the callback URL via POST method.
If the transaction succeeds, the wallet returns the following to callback:
If the transaction fails, the wallet returns:
Signature verification methods
Transaction event query methods
Cyano Wallet
dAPI - Mobile provider SDK
dAPI - Mobile client SDK