# Web login with QR code
# Use case
You are looking for a secure way for your end-users to log in to your website, but without the need for usernames and passwords. You want to achieve this whilst still offering a positive and seamless user experience for your end-users.
# How it works
Meet Jane, one of your active end-users who has activated MobileID in your mobile app. Jane needs to log in to your website so that she can access your online services.
- To do this, Jane navigates to your website and arrives at the login page.
- On this page, she sees the option to log in by scanning the displayed QR code with your mobile app. Jane opens your mobile app and scans the QR code.
- Your app displays a message asking if she wants to log in to your website.
- Jane approves the login request using biometrics or a PIN code, and is now able to access your online services.
Jane has now securely authenticated herself with two-factor authentication using your mobile app.
# What it looks like
The following diagram illustrates what a web login could look like with MobileID, from the perspective of your end-user.
This flow assumes that you are using MobileID and that the end-user has an active MobileID user and device.
There are many ways to implement MobileID for web login with a QR code. The following flow is a suggestion:
- The end-user visits your website and navigates to the login screen.
- Your server starts a login session.
- The website displays a QR code of the login session and asks the end-user to scan it.
- The end-user opens your mobile app and scans the QR code.
- Your mobile app will send a request to your server with the ID of the MobileID user and the login session.
- Your server connects the MobileID user to the login session and starts a MobileID authentication.
- The app displays a message asking the end-user to approve the login to your website.
- The end-user approves the login using biometrics or a PIN code.
- MobileID verifies the authentication and sends a response to your server and app; confirming the authentication.
- Your website grants the end-user access to their account.
Using MobileID for web login with a QR code is a straightforward and effective way to provide your end-users with a secure and seamless login experience.
# Sequence diagram