API Contracts for /qr-code-auth Endpoint

[heyrandhir]

The PR adds API contracts for the QrCodeAuth collection, which includes three endpoints:

• POST /qr-code-auth to create a new authentication document
• GET /qr-code-auth to retrieve all the authentication documents belonging to a specified user
• PATCH /qr-code-auth to update the is_authorized field of an existing qr-code-auth document for the specified user.

[shreya-mishra]

will you please change the origin to qr-code-api-contract this branch ?

[heyrandhir]

will you please change the origin to qr-code-api-contract this branch ?

Done @shreya-mishra , your branch is not up to date with the latest changes in the main branch. There are four file modifications that can be seen. To ensure that only the correct file changes are included in the pull request, please rebase your branch from the most recent main. Thank you.

[prakashchoudhary07]

Why are events, monitor, and progress changes here?

[heyrandhir]

Why are events, monitor, and progress changes here?

Since the target branch is not updated with the latest main we see those file changes. I have asked @shreya-mishra to take a latest pull from main to resolve this.

[sakshambhatt]

LGTM 🚀

[prakashchoudhary07]

GET api returns data which has access token. And we can pass any users Id and get their access tokens right?
Then they will be able to login on behalf of the actual user?
Will it not be concerning?

Correct me if I am missing something please

[heyrandhir]

@shreya-mishra @sakshambhatt shall we remove access token from GET Response ?

[shreya-mishra]

Agreed! sure we can do that

[isVivek99]

since we are not going to store the accesstoken, i don't think we will be able to return it, on a get call.

[shreya-mishra]

will work on route names later, in the second iteration.

[shreya-mishra]

added user_id as well to filter the document on the basis of user_id since we don't have device_id stored in our database.

[prakashchoudhary07]

LGTM