The QR code is basically just a session token plus a unique URI to that session. What I’ve done actually is everything that the user sees is in blue, and everything that’s hidden from the user is in green. At this point, the user scans the QR code which causes the app to then retrieve that session.