Open kjagiello opened 7 years ago
@ElinSwedin I've mentioned earlier that the data in the QR-code should be some kind of temporary authentication token that could be used by the user to access different endpoints, like this for example `/user/<token>/` or `/user/<token>/history/` etc. The token could be produced using cryptographic signing, so we would need to store anything in database. I've mentioned JSON Web Tokens, but there is also a cryptographic signing API provided in Django. Both seem perfectly fine for our use, but the Django one is already available to us, so no need for an additional dependency.
Currently, customers need to contact one of the staff members in order to change any account details or in order to register the card. The idea is to present a QR-code in the kiosk UI, let the customer scan it and it will lead them to either a registration page or a profile page, where account details can be updated, purchase history viewed, etc. Everything should be mobile friendly.
Prioritised task list:
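
A sketch of the stateless, expiring signed token described in the issue above, added here as an illustration and not taken from the project's code. It uses Python's standard-library `hmac` in place of Django's signing API so that it runs without dependencies; `SECRET_KEY`, `MAX_AGE_SECONDS` (300 seconds), `make_token` and `read_token` are assumed names and values.

```python
import base64
import hashlib
import hmac
import time

# Constructed key for this example; a deployment would load a random secret from settings.
SECRET_KEY = b"constructed-example-key"
MAX_AGE_SECONDS = 300  # assumed token lifetime


class BadToken(Exception):
    """Raised when a token is malformed, tampered with, or expired."""


def _b64(data):
    # URL-safe alphabet without padding, so the token fits in a path segment.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def make_token(user_id, now=None):
    """Return '<payload>.<mac>' binding user_id to its issue time."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}:{issued}".encode("ascii")
    return f"{_b64(payload)}.{_b64(_mac(payload))}"


def read_token(token, now=None):
    """Return the user id from a valid, unexpired token, else raise BadToken."""
    try:
        payload_part, mac_part = token.split(".")
        payload, mac = _unb64(payload_part), _unb64(mac_part)
    except ValueError as exc:  # wrong part count or invalid base64
        raise BadToken("malformed token") from exc
    # Verify the MAC in constant time before trusting any field of the payload.
    if not hmac.compare_digest(mac, _mac(payload)):
        raise BadToken("bad signature")
    user_id, issued = (int(part) for part in payload.decode("ascii").split(":"))
    current = time.time() if now is None else now
    if current - issued > MAX_AGE_SECONDS:
        raise BadToken("token expired")
    return user_id
```

Because the token travels in the URL path, it ends up in server logs and browser history, which is why the lifetime is kept short.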