A Quick Response (QR) code can be used to configure the OMA. The OMA scans the QR code for either online configuration or offline configuration details.
In the case of online configuration, it gets the URL against which the user will be authenticated and registers the OMA app for said user. After a successful authentication and registration, the OMA gets the shared secret from the OAM server to generate the TOTP.
In the case of offline configuration, it is assumed that the customer develops a web application and a user is authenticated by said application. The OMA scans the QR code which must have the shared secret, shared secret encoding information and optionally the OTP validity duration, the hashing algorithm to be used for TOTP or the length of the OTP (5 digits/6 digits).
The QR code needs to be created from any of the following configuration URLs.
oraclemobileauthenticator://settings?LoginURL::=http://OAMhost:port//ms_oauth/resources/userprofile/secretkey
oraclemobileauthenticator://settings?AuthServerType::=HTTPBasicAuthentication&&LoginURL::=http://OAMhost:port/ms_oauth/resources/userprofile/secretkey&&ServiceName::=MyBank
oraclemobileauthenticator://settings?AuthServerType::=OAuthAuthentication&&LoginURL::=http://OAMhost:port/ms_oauth/resources/userprofile/secretkey&&ServiceName::=OAuth&&OAuthClientID::=8d91cb4821dd417286ca973045e9e25a&&OAMOAuthServiceEndpoint::=http://OAMhost:port/ms_oauth/oauth2/endpoints/oauthservice
The mobile phone user needs to go to the "Add Account" screen and select the "Scan a barcode" option. After positioning the QR code in front of the phone's camera, the OMA app will update its configuration. See "Understanding Oracle Mobile Authenticator Configuration" for additional configuration URLs.