QR code mechanism
Scanning QR codes
Last updated
Scanning QR codes
Last updated
This section serves to illustrate how wallets can employ the QR code scanning feature to carry out tasks such as login, smart contract invocation, and other services.
There are two parties that are involved in the process:
The dApp : Blanket term that representsdApps developed for the users of Ontology ecosystem.
The Provider: Wallets that support dAPI , and adhere to it's specifications.
A dApp provides a QR code and the user scans it using the wallet. The QR code mechanism currently supports two functions: login and contract invocation.
The process flow is as follows-
Wallet scans the QR code provided by the dApp.
Provider fetches the callback URL and the verification message, carries out user authentication and signature, and the transaction is carries out using the dApps callback address.
The dApp back end carries out signature verification and returns the result to the wallet.
The process flow is as follows-
Wallet scans the QR code provided by the dApp.
Wallet initiates a transaction, the user signs it, the transaction is pre-executed, the user provides confirmation, the information is transmitted on to the chain, and finally the transaction hash is returned to the dApp back end using the callback address provided.
dApp back end uses the transaction hash to query the successful contract execution and transaction details.
The following scenarios can be realized by integrating the dAPI -
Authentication is carried out by scanning the QR code from the wallet. The wallet fetches login parameters, carries out signature authorization and sends them to the dApp back end.
Field | Data type | Description |
action | string | States the function performed by the QR code, Login to be defined as "login" and contract invocation as "invoke" |
id | string | Serial number (optional) |
type | string | Login method used, ONT ID login to be set as "ontid" and wallet address login to be set as "address" |
dappName | string | Name of the dApp |
dappIcon | string | dApp icon resource link |
message | string | Randomly generated message for identity verification |
expire | long | Unix time stamp for when the QR code expires (optional) |
callback | string | Callback URL to communicate with the dApp back end |
Here's the post method message structure:
Field | Data type | Description |
action | string | Operation type |
id | string | Serial number (optional) |
params | string | Parameters required by the method |
type | string | Login method used, "ontid" if ONT ID is used to login and "address" when the wallet address is used to login |
user | string | Identifier of the account that is used for signature |
message | string | Randomly generated message for identity verification |
publickey | string | Account's public key |
signature | string | Digital signature |
If the transaction was successful, the success message is sent in response.
Otherwise, the failure message is sent in response.
Message signature is essentially the same as login protocol, except that the dApp name and the icon are not a part of the request that is sent.
The structure of the signature request sent by the dApp after URI and Base64 encoding are as follows:
Or when multiple messages are signed:
Field | Data type | Description |
action | string | Operation type |
type | string | Login method used, "ontid" if ONT ID is used to login and "address" when the wallet address is used |
message | string | Randomly generated message for identity verification |
ishex | bool | Whether the message is a hex code |
callback | string | Callback URL to communicate with the dApp back end |
The response that the wallet sends back to the dApp, after URI and Base 64 encoding, is structured as follows:
If the action is "multimessage" the response sent back to the dApp is an array
A payment operation also falls under the category of contract invocation, adopting a uniform protocol standard. The standard can be defined as follows:
Field | Data type | Description |
action | string | Operation type, Login to be defined as "login" and contract invocation as "invoke" |
qrcodeUrl | string | Address for QR code parameters |
callback | string | The callback address to send the transaction |
The data obtained from the qrcodeURL link's GET method is as follows-
Base58 addresses such as AUr5QUfeBADq6BMY6Tp5yuMsUNGpsD7nLZ can be assigned to the %address parameter, and the wallet will automatically assign it as the wallet's asset address. If the parameters contain an %ontid, the wallet will also automatically assign it to the wallet's ONT ID address.
The wallet initiates a transaction, the user authenticates and signs it, the transaction is pre-executed, issued, and then the transaction hash is sent to the callback URL using POST method.
The success message has the following structure:
And the failure message is as follows:
Pre-executing a transaction is optional. One of the main functions is serves is informing the user how much ONT or ONG is involved in a particular transaction. The Notify message that is returned upon pre-execution can deliver the information regarding the amount of ONT/ONG the user will spend for a particular transaction in terms of transaction costs.
The Notify message needs to be parsed to make a judgement, because a transaction may have multiple transfer or smart contract events. If the other contract events don't need to handled, then the nature of transferred tokens can be judged from the address i.e. ONT/ONG and the transfer method along with the sender.
It is also advised that the the sender and amount should be displayed on the UI. There is a transaction fee which roughly equals to 0.01ONG
If the pre-execution is a success the response from the node is:
But if it fails, the Error value would be greater than 0.
Signature verification methods | Transaction event query methods | Cyano Wallet | dAPI - Mobile provider SDK | dAPI - Mobile client SDK |
