generated from bisco/codex-bootstrap
27 lines
1.0 KiB
Markdown
27 lines
1.0 KiB
Markdown
# ADR-0003: Use Opaque Tokens in QR Codes
|
|
|
|
Date: 2026-04-28
|
|
|
|
## Status
|
|
|
|
Accepted
|
|
|
|
## Context
|
|
|
|
Confirmed reservations need QR codes that visitors can show on a smartphone or printed page. Staff must be able to scan the QR code at the entrance and verify the reservation.
|
|
|
|
QR codes are easy to copy or share, so they must not expose personal data or encode reservation details directly.
|
|
|
|
## Decision
|
|
|
|
QR codes will contain only an opaque, random, non-guessable token or a verification URL containing that token.
|
|
|
|
The backend will resolve the token server-side, validate that the reservation is confirmed, and reject duplicate check-ins. Tokens must not contain names, email addresses, phone numbers, notes, or other personal data.
|
|
|
|
## Consequences
|
|
|
|
- QR codes remain privacy-preserving even if printed, forwarded, or photographed.
|
|
- Token validation stays centralized in the backend.
|
|
- Check-in requires backend availability at the venue.
|
|
- Duplicate check-in prevention depends on reliable server-side state and database constraints.
|