Front end
From the end user's point of view, the front-end process works as follows.
1. Login button
The end user goes to the mobile client app (or the client app website on their desktop) and invokes the Login call-to-action (CTA), such as a button or a link.
2. XYZ app
The end user is redirected to the XYZ app, where they are asked to consent to the client being granted a certain scope of access to their information.
For example, if the client app needs the user to upload a photo in order to function, it may ask for access to a photo folder belonging to that user.
Another example is an email address that the end user owns.
The redirect to the XYZ app happens via one of two paths, depending on whether the end user started in the mobile client app or on the desktop client app website.
Starting in the mobile client app
Clicking on the Login button takes the end user to their mobile app store to first download the XYZ app (or launches it if it is already installed). The app then opens automatically to display the consent form.
Starting on the desktop client app website
Clicking on the Login button redirects the end user to a web page where they are asked to use their mobile device to follow a certain link. The easiest (but not the only) way to do this currently is to scan a QR code with their mobile device.
The QR code is little more than a URL encoded in a form that a phone camera can read and process. The specific URL presented by the client takes the end user to their app store to download the XYZ app on their mobile device (or launches it if they already have it). XYZ takes care of the anonymous login part of the relationship between the client app and the end user.
⭑ Note: The QR-formatted link carries additional information that protects the end user against man-in-the-middle attacks. This includes, among other things, a login code that the XYZ app signs and passes to the Unbox authorization server, so that the consent given on the phone can be matched to the desktop session that displayed the QR code rather than to whichever browser happens to present the link.
3. Consent form
In both cases above, the XYZ app opens automatically to display the consent form, which the user "signs" (clicks OK on) to continue.
This form asks for consent for the client to access some limited scope of information about the end user, such as a nickname or an email address.
If the user uses a different email address for each client, that address is their identity with that client, and they get to choose which identity to present to which client. Ideally, the client asks for only the bare minimum of information required for the interaction between the two parties.
4. Return to the original app or site
Now authenticated (logged in), the end user continues as follows, depending on where they originally started the process:
a. Desktop: they return to the logged-in version of the client website on their desktop.
b. Mobile: they are taken back automatically to the logged-in part of the mobile client app where they originally clicked the Login button.
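As an added worked example (not code from the XYZ app or the Unbox authorization server), the following Python sketches how steps 2 to 4 fit together on the desktop path: the client site mints a single-use login code tied to the browser session and embeds it in the link the QR code encodes, the phone app signs that code after the user consents, and the authorization server checks the signature, the code's freshness and its single use before logging in exactly the session that asked. The function names, the https://xyz.example/login URL, the two-minute code lifetime and the HMAC-based per-device key (standing in for whatever signature scheme the real app uses) are assumptions made for this example.

```python
"""Added example: QR-style login link with a single-use login code bound to
the desktop session, and the server-side check that binds the mobile
consent back to that session. Not the XYZ/Unbox implementation.

Assumption (hypothetical): the XYZ app signs the login code with a per-device
key it registered earlier; HMAC-SHA256 stands in for the real signature.
"""
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

LOGIN_CODE_TTL = 120  # seconds a login code stays valid (assumed value)

# Server-side state. In a real deployment this lives in a shared store.
_pending = {}       # login_code -> {"session", "scope", "issued", "used"}
_device_keys = {}   # device_id -> secret key bytes (from enrolment)
_sessions = {}      # desktop session id -> {"user", "scope"}


def register_device(device_id, key):
    """Enrolment assumed to have happened before the login starts."""
    _device_keys[device_id] = key


def create_login_link(session_id, scope, now=None):
    """Desktop site (step 2): mint an unguessable, single-use login code tied
    to this browser session and embed it in the URL the QR code encodes."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    _pending[code] = {"session": session_id, "scope": scope,
                      "issued": now, "used": False}
    query = urlencode({"login_code": code, "scope": " ".join(scope)})
    return f"https://xyz.example/login?{query}"  # hypothetical URL


def login_code_from_link(link):
    """What the XYZ app extracts after scanning the QR code."""
    return parse_qs(urlparse(link).query)["login_code"][0]


def sign_login_code(device_id, user, code):
    """XYZ app (step 3): after the user consents, sign the login code so the
    authorization server can tell it came from an enrolled device."""
    msg = f"{device_id}|{user}|{code}".encode()
    sig = hmac.new(_device_keys[device_id], msg, hashlib.sha256).hexdigest()
    return {"device_id": device_id, "user": user, "login_code": code, "sig": sig}


def complete_login(message, now=None):
    """Authorization server (step 4): verify the signed code, then log in the
    desktop session that minted it. Returns (ok, reason)."""
    now = time.time() if now is None else now
    pending = _pending.get(message["login_code"])
    if pending is None:
        return False, "unknown login code"
    if pending["used"]:
        return False, "login code already used"   # replayed QR link
    if now - pending["issued"] > LOGIN_CODE_TTL:
        return False, "login code expired"
    key = _device_keys.get(message["device_id"])
    if key is None:
        return False, "unknown device"
    msg = f"{message['device_id']}|{message['user']}|{message['login_code']}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["sig"]):
        return False, "bad signature"               # tampered or forged
    pending["used"] = True
    _sessions[pending["session"]] = {"user": message["user"],
                                     "scope": pending["scope"]}
    return True, "ok"


def session_user(session_id):
    """Who, if anyone, is logged in on this desktop session."""
    return _sessions.get(session_id, {}).get("user")


if __name__ == "__main__":
    register_device("phone-1", b"constructed-device-key")   # constructed input
    link = create_login_link("desktop-sess-42", ["email"])
    msg = sign_login_code("phone-1", "alice@example.com",
                          login_code_from_link(link))
    print(complete_login(msg), session_user("desktop-sess-42"))
```

The three rejections in complete_login are the practical content of the note above: a QR code can be photographed or re-displayed by anyone, so the code must be unguessable, short-lived and consumed on first use, the consent message must be verifiably from an enrolled device, and the resulting login must land on the session that minted the code, never on whichever browser presents the link.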