QR code mechanism
Scanning QR codes
Last updated
Scanning QR codes
Last updated
This section serves to illustrate how wallets can employ the QR code scanning feature to carry out tasks such as login, smart contract invocation, and other services.
There are two parties that are involved in the process:
The dApp : Blanket term that representsdApps developed for the users of Ontology ecosystem.
The Provider: Wallets that support dAPI , and adhere to it's specifications.
A dApp provides a QR code and the user scans it using the wallet. The QR code mechanism currently supports two functions: login and contract invocation.
The process flow is as follows-
Wallet scans the QR code provided by the dApp.
Provider fetches the callback URL and the verification message, carries out user authentication and signature, and the transaction is carries out using the dApps callback address.
The dApp back end carries out signature verification and returns the result to the wallet.
The process flow is as follows-
Wallet scans the QR code provided by the dApp.
Wallet initiates a transaction, the user signs it, the transaction is pre-executed, the user provides confirmation, the information is transmitted on to the chain, and finally the transaction hash is returned to the dApp back end using the callback address provided.
dApp back end uses the transaction hash to query the successful contract execution and transaction details.
The following scenarios can be realized by integrating the dAPI -
Authentication is carried out by scanning the QR code from the wallet. The wallet fetches login parameters, carries out signature authorization and sends them to the dApp back end.
Field
Data type
Description
action
string
States the function performed by the QR code, Login to be defined as "login" and contract invocation as "invoke"
id
string
Serial number (optional)
type
string
Login method used, ONT ID login to be set as "ontid" and wallet address login to be set as "address"
dappName
string
Name of the dApp
dappIcon
string
dApp icon resource link
message
string
Randomly generated message for identity verification
expire
long
Unix time stamp for when the QR code expires (optional)
callback
string
Callback URL to communicate with the dApp back end
Here's the post method message structure:
Field
Data type
Description
action
string
Operation type
id
string
Serial number (optional)
params
string
Parameters required by the method
type
string
Login method used, "ontid" if ONT ID is used to login and "address" when the wallet address is used to login
user
string
Identifier of the account that is used for signature
message
string
Randomly generated message for identity verification
publickey
string
Account's public key
signature
string
Digital signature
If the transaction was successful, the success message is sent in response.
Otherwise, the failure message is sent in response.
Message signature is essentially the same as login protocol, except that the dApp name and the icon are not a part of the request that is sent.
The structure of the signature request sent by the dApp after URI and Base64 encoding are as follows:
Or when multiple messages are signed:
Field
Data type
Description
action
string
Operation type
type
string
Login method used, "ontid" if ONT ID is used to login and "address" when the wallet address is used
message
string
Randomly generated message for identity verification
ishex
bool
Whether the message is a hex code
callback
string
Callback URL to communicate with the dApp back end
The response that the wallet sends back to the dApp, after URI and Base 64 encoding, is structured as follows:
If the action is "multimessage" the response sent back to the dApp is an array
A payment operation also falls under the category of contract invocation, adopting a uniform protocol standard. The standard can be defined as follows:
Field
Data type
Description
action
string
Operation type, Login to be defined as "login" and contract invocation as "invoke"
qrcodeUrl
string
Address for QR code parameters
callback
string
The callback address to send the transaction hash to the dApp back end
The data obtained from the qrcodeURL link's GET method is as follows-
Base58 addresses such as AUr5QUfeBADq6BMY6Tp5yuMsUNGpsD7nLZ can be assigned to the %address parameter, and the wallet will automatically assign it as the wallet's asset address. If the parameters contain an %ontid, the wallet will also automatically assign it to the wallet's ONT ID address.
The wallet initiates a transaction, the user authenticates and signs it, the transaction is pre-executed, issued, and then the transaction hash is sent to the callback URL using POST method.
The success message has the following structure:
And the failure message is as follows:
Pre-executing a transaction is optional. One of the main functions is serves is informing the user how much ONT or ONG is involved in a particular transaction. The Notify message that is returned upon pre-execution can deliver the information regarding the amount of ONT/ONG the user will spend for a particular transaction in terms of transaction costs.
The Notify message needs to be parsed to make a judgement, because a transaction may have multiple transfer or smart contract events. If the other contract events don't need to handled, then the nature of transferred tokens can be judged from the address i.e. ONT/ONG and the transfer method along with the sender.
It is also advised that the the sender and amount should be displayed on the UI. There is a transaction fee which roughly equals to 0.01ONG
If the pre-execution is a success the response from the node is:
But if it fails, the Error value would be greater than 0.
Signature verification methods
Transaction event query methods
Cyano Wallet
dAPI - Mobile provider SDK
dAPI - Mobile client SDK
