I’m building a Thunkable app that must scan many QR codes. The desktop web uses Laravel + JWT (email/password). I want a “Login with phone” flow: the desktop shows a QR; the mobile app scans it and approves the desktop session.
Constraints: I’m currently on Drag-and-Drop (DnD); I can switch to Snap-to-Place (StP) if needed.
Questions:
- Is a QR-based approval flow possible in DnD (without a native scanner), or should I use StP’s Barcode Scanner?
- Recommended architecture for security (nonce, expiry, one-time use)?
- In Thunkable, what’s the best practice to:
  - Scan the QR (DnD vs StP)
  - Send `{request_id, nonce}` with an authenticated mobile JWT to the server
  - Let the desktop poll for approval

What I’m thinking:
- Desktop generates `{request_id, nonce}` → shows as QR → polls `/qr/status`.
- Mobile scans → POST `/qr/claim` with `{request_id, nonce, mobile_jwt}`.
- Server verifies and approves → desktop session logs in.
Any code/block examples or gotchas (especially for DnD/Web Viewer postMessage) would be appreciated!
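
One way to model the server side of the flow described above, covering the nonce, expiry and one-time use the post asks about (an added example, not part of the original post; plain PHP 8 with no Laravel dependencies). The class and method names, the 60-second lifetime and the desktop-only `poll_token` are assumptions, not from the post; the `poll_token` is there so that someone who only sees the QR cannot poll for the approved session.

```php
<?php
// Added example, not code from the post. Names are hypothetical; a real
// Laravel app would store these rows in the database or cache.
final class QrLoginStore
{
    private array $requests = [];

    public function __construct(private int $ttlSeconds = 60) {}

    // Desktop: request_id and nonce go into the QR; poll_token never leaves the desktop browser.
    public function create(int $now): array
    {
        [$id, $nonce, $poll] = [bin2hex(random_bytes(16)), bin2hex(random_bytes(32)), bin2hex(random_bytes(32))];
        $this->requests[$id] = [
            'nonce_hash' => hash('sha256', $nonce),
            'poll_hash'  => hash('sha256', $poll),
            'expires_at' => $now + $this->ttlSeconds,
            'user_id'    => null, // null means still pending
        ];
        return ['request_id' => $id, 'nonce' => $nonce, 'poll_token' => $poll];
    }

    // Mobile: $userId must come from the verified mobile JWT, not from a client-supplied user id.
    public function claim(string $id, string $nonce, int $userId, int $now): bool
    {
        $r = $this->requests[$id] ?? null;
        if ($r === null || $now > $r['expires_at'] || $r['user_id'] !== null) {
            return false; // unknown, expired, or already claimed
        }
        if (!hash_equals($r['nonce_hash'], hash('sha256', $nonce))) {
            return false; // wrong nonce, compared in constant time
        }
        $this->requests[$id]['user_id'] = $userId;
        return true;
    }

    // Desktop poll: returns the approving user id once, then deletes the request.
    public function redeem(string $id, string $poll, int $now): ?int
    {
        $r = $this->requests[$id] ?? null;
        if ($r === null || !hash_equals($r['poll_hash'], hash('sha256', $poll))) {
            return null;
        }
        if ($now > $r['expires_at'] || $r['user_id'] !== null) {
            unset($this->requests[$id]); // expired or redeemed: single use
        }
        return $now > $r['expires_at'] ? null : $r['user_id'];
    }
}
```

When this is backed by a database, the claim step needs to be a single atomic update conditioned on the request still being pending, so that two concurrent claims cannot both succeed.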