SudoSOS Back-end API / authentication / QRAuthenticator

Class: QRAuthenticator

The QR Authenticator enables QR code-based authentication in SudoSOS. This authentication method allows users to authenticate by scanning a QR code with their mobile device, providing a convenient and secure authentication flow.

QR Authentication is a session-based authentication method. It creates temporary sessions that can be confirmed by authenticated users, allowing for secure authentication flows without requiring direct credential input.

QR Authentication Flow

Client requests a QR code via /authentication/qr/generate.
QR Service creates a QRAuthenticator with a unique session ID and expiration time.
Client displays the QR code to the user.
User scans the QR code with their mobile device.
Mobile App opens the confirmation URL with the session ID.
Authenticated User confirms the session via /authentication/qr/{sessionId}/confirm.
System generates a JWT token and notifies the original client via WebSocket.

Session States

PENDING: Session is waiting for user confirmation
CONFIRMED: Session has been confirmed by an authenticated user
EXPIRED: Session has exceeded its expiration time
CANCELLED: Session was explicitly cancelled

Security Features

Sessions have a configurable expiration time (default: 5 minutes)
Each session has a unique UUID that cannot be guessed
Sessions can be cancelled to prevent unauthorized access
JWT tokens are only delivered via WebSocket, making them difficult to intercept

Extends

BaseEntityWithoutId

Constructors

Constructor

new QRAuthenticator(): QRAuthenticator;

Returns

QRAuthenticator

Overrides

BaseEntityWithoutId.constructor

Properties

Property	Modifier	Type	Description	Inherited from
`cancelled`	`public`	`boolean`	-	-
`confirmedAt`	`public`	`Date`	When the session was confirmed	-
`createdAt`	`readonly`	`Date`	The creation date of the object.	`BaseEntityWithoutId`.`createdAt`
`expiresAt`	`public`	`Date`	-	-
`sessionId`	`public`	`string`	-	-
`updatedAt`	`readonly`	`Date`	The last update date of the object.	`BaseEntityWithoutId`.`updatedAt`
`user`	`public`	`User`	The user that confirmed the session (null if pending)	-
`version`	`readonly`	`number`	The current version of the object.	`BaseEntityWithoutId`.`version`

Accessors

status

Get Signature

get status(): QRAuthenticatorStatus;

Returns

QRAuthenticatorStatus

Methods

response()

response(): QRCodeResponse;

Returns

QRCodeResponse

containers

Classes

Interfaces

Type Aliases

point-of-sale

Classes

Interfaces

Type Aliases

product-categories

Classes

Interfaces

products

Classes

Interfaces

Type Aliases

Functions

vat

Enumerations

Classes

Interfaces

Functions

inactive-administrative-cost-request

Interfaces

inactive-administrative-cost-response

Interfaces

wrapped-response

Interfaces

user-notification-preference-controller

Classes

user-notification-preference

Enumerations

Classes

inactive-administrative-cost

Classes

user

Classes

wrapped

Classes

base.html

Interfaces

Functions

inactive-administrative-cost-report.html

Interfaces

Functions

transaction.html

Interfaces

Functions

transfer.html

Interfaces

Functions

inactive-administrative-cost-notification

Classes

transaction-notification

Classes

Functions

user-got-inactive-administrative-cost

Classes

user-type-updated

Classes

user-type-updated-with-reset

Classes

1761324427011-member-authenticator

Classes

1761328648026-add-organ-membership-index

Classes

1763399087409-rename-gewis-to-external

Classes

1764615514906-user-notification-preference

Classes

1764842063654-add-wrapped-table

Classes

1765826596888-add-wrapped-organ-member

Classes

1768697568707-user-setting

Classes

1769000095806-add-last-seen-to-user

Classes

abstract-channel

Classes

mail-channel