I have thought in my mind to embed the short-term access token in the HTTP header and pass it through url so that each time a mobile user scans the identification card (have a string encoded in url, for example http: // example .com / api / v1 / authenticate) and authenticate the user.
My purpose is to print the identification card with QR code and log in to the application with just scanning and, if it is authenticated, it will automatically be registered.
The problem is how to make an identification card with QR code to login to the mobile application? Simply, the user does not want to take assistance manually and does not want to enter a password every time they log in to the application. There is another requirement that the application should not be started all the time.