1. Guides
  2. /
  3. Authenticate the user
  4. /
  5. Use scan code login authentication
  6. /
  7. Use self-built App to scan the code to log in to the website
  8. /
  9. Custom configuration items

Custom configuration items

Update Time: 2025-02-18 09:00:47
Edit

Authing has always been devoting to bring developers a highly customized development experience. Therefore, we provide the following custom configuration items. Developers can balance security and convenience according to their business needs. Developers can customize the configuration in the Authing console (opens new window) Settings -> Security Information -> App Scan Code Login Web Custom Configuration.

QR code valid time

The default 120 s.

Whether to query the QR code status interface to return complete user information

It does not return by default. Since the query QR code status interface does not have permission verification, it means that there is a security risk to directly return user information (including the login credential token) on this interface, so we recommend that developers follow the best practice: query QR code The status interface only returns the user's nickname and avatar, and uses the ticket to get user information.

ticket valid time

The default is 300 s.

Whether getting user information by ticket in the browser is allowed

It is not allowed by default, it needs to be called on the server side, after the user pool key is initialized. Click to learn how to initialize the back-end SDK.

A typical usage scenario is: after the user scans the QR code to agree to authorization, and the developer obtains the ticket, sends to backend, and gets user information by backend SDK, then redirects to the logged-in page, and writes the user information into localStroage at the same time.