ThiefMaster
commented
1 year ago Let's keep this as a "maybe nice to have one day" for now!
- Since you need to log in to Indico on the phone nonetheless, the usefulness is somewhat limited - in particular if you want to share the link with others (e.g. people who do ticket checks at the venue but have otherwise nothing to do with Indico)
- It would be possible to provide a way to pre-generate a token in Indico (ie skipping the oauth/login step in the app) and pass it to the app, but this would be a security issue when shared between multiple people (and I'm sure some people would do it even if we showed big fat warnings)
So I think the only way a link to a preconfigured checkin app in a secure way would involve some more changes on the Indico side:
- Add a setting that enables a generic checkin link w/o individual user authentication, and when enabled:
- The direct setup link would contain data and a random token (probably in the
#part so it's never sent to the server hosting the app) which grants access to the checkin-related APIs (not in the context of a specific user) - This token would be used instead of the usual oauth token in order to make any API calls within that event
But since this is a decent chunk of work for a usecase which so far nobody really needs, I think it's nice to have this issue around as a future idea, but I would certainly not spend any development time on it at the moment.
This would be in addition to the QR code. Not a priority but nice to have