Skip to content

Signed QR Codes

Enabling the Signed QR Code Feature

The signed QR code feature allows users to sign the QR code for onboarding with a private key, so that unauthorized people cannot duplicate the QR code and misuse it.

When onboarding using a signed QR code, the client code should provide a public key to verify the signature. Verification will fail if the QR code is duplicated, so the onboarding process won't continue.

Refer to the Configuring Digitally-Signed QR Codes topic to enable this feature and either generate public and private key pair or provide your own keys.

The users must create a file SignedQRCodePublicKey.pem and paste the generated public key in it. This file should then be placed in the folder .mdkproject/App_Resources/Android/src/main/assets for android, and in the folder .mdkproject/App_Resources/iOS for iOS.

Using Signed QR Code in Mobile Development Kit Client

The property SignedQRCodeOption is available under BrandedSettings.json > ConnectionSettings block in .mdkproject. This property accepts one of the following values:

  • SignedOnly: Mobile Development Kit client accepts only signed QR codes
  • UnsignedOnly: Mobile Development Kit client accepts only unsigned QR codes
  • Both: Mobile Development Kit client can accept both signed and unsigned QR codes

This property indicates if the app requires a signed QR code, an unsigned QR code, or both for onboarding a user. The default value for this property is Both.

For instance,

```json "ConnectionSettings": { "EnableOverrides": true, ... "SignedQRCodeOption": "SignedOnly", ... }

Last update: April 20, 2023