QROGIN is a developer-friendly QR based social login platform delivering FIDO2 passkey-powered passwordless authentication, combining enterprise-grade security with easy integration and seamless identity management.
Using this plugin, developers will be able to generate tamper‑proof (time-limited & one-time use) QR codes and secure one‑click links(button) for QROGIN user-login/signup. The widgets talks to your QROGIN back‑end, displays a countdown, polls for authentication and then fires a JavaScript event so you can finish the flow your way.
Features
- Three modes:
QrWidget,QrWithLink,SecureLinkButton - Customise colours, labels and CSS classes from the shortcode
- Accessible: countdown and refresh button included
- Event‑driven – hook into
qrogin-authenticatedfor SPA redirects - Works on any page/post or block editor pattern
Shortcode
[qrogin_qr_widgets]
Attributes:
See the “Attribute Reference” section below for all options.
Attribute Reference
- base_url (required) – Endpoint that returns QR payload
- status_base (required) – Endpoint polled to read auth status
- tenant_id (required) – Your tenant/account ID
- api_key (required) – API key issued by QROGIN
- mode – QrWidget (default), QrWithLink, or SecureLinkButton
- ttl_ms – Time‑to‑live in milliseconds (default: 55000)
- poll_interval – Polling gap in milliseconds (default: 5000)
- class – Extra classes for the widget wrapper
- button_label – Button inner HTML (default: “Secure one‑time link”)
- button_class – Extra classes for the button
- button_style – Inline CSS for the button
Usage example: catching the authentication event
Add this script to your page (you can adjust the redirect URL):
<script>
document.querySelectorAll('.qrogin-qr-container').forEach(el => {
el.addEventListener('qrogin-authenticated', e => {
const { token, user_id } = e.detail;
sessionStorage.setItem('qroginJwt', token);
sessionStorage.setItem('userId', user_id);
// Redirect to a safe location
window.location.href = '/account'; // <- change this
});
});
</script><h3>Privacy</h3>
This plugin sends only the fields you configure—tenant_id (also known as customer_id), api_key, and associated session data—to your own QROGIN back‑end. All traffic travels over HTTPS to QROGIN‑owned sub‑domains (*.qrogin.com) only. No data is transmitted to the plugin author or any other third‑party service.
