Skip to content

Closed Alpha

FluxPlay is currently in Closed Alpha. This documentation is a work in progress and may be incomplete or out of date. Features, UI, and APIs are subject to change without notice. For access inquiries, please contact [email protected].

QUICK CONNECT

Grant temporary access to guests using QR codes or 8-digit codes — no account required. Secure, time-limited sessions that expire automatically.

Guest Access Without Accounts

Quick Connect is designed for brief, in-person sharing scenarios. Show a movie to a friend visiting your home, cast to a smart TV, or hand over a tablet — all without creating a user account or sharing your password.

Capabilities

QR Code Flow

Generate a QR code from any content page. A guest scans it to open a temporary session in their browser — no app needed.

8-Digit Code

For screen-to-screen scenarios, generate an 8-digit numeric code. The guest enters it at fluxplay.local/connect.

2-Minute TTL

Codes expire after 2 minutes. Once a session is established, it remains active for the configured session duration (default 4 hours).

Session Binding

Quick Connect sessions are bound to the generating user account and inherit their permission scope.

Security Limits

Rate limiting prevents code brute-force. After 5 failed attempts the endpoint enforces a 15-minute lockout per IP.

Use Cases

Cast to a TV in another room, share playback with a visitor, or hand off to a tablet — without sharing credentials.

How It Works

1

Generate

Tap the Quick Connect button on any media detail page or from the share menu. Choose QR code or numeric code.

2

Share

Show the QR code for the guest to scan, or read the 8-digit number for them to enter at the connect URL.

3

Validate

The server validates the code — it must be unused and within the 2-minute TTL window.

4

Session Created

A guest session is issued, scoped to the generating user's permissions. The code is invalidated immediately after use.

5

Active Session

The guest browses normally until the session duration expires (default 4 hours) or the host revokes it.

Security Model

Quick Connect codes are single-use. Once redeemed, the code is invalidated and cannot be used again. Codes are cryptographically random — the 8-digit display code is derived from a 128-bit server-side token and cannot be predicted from the displayed value.

Security constraints

  • Codes expire after 2 minutes regardless of use
  • Each code is single-use — redeemed immediately on first valid entry
  • 5 failed attempts triggers 15-minute per-IP lockout
  • Guest sessions can be revoked by the host at any time
  • Sessions do not grant account management or admin capabilities

Next Steps

Share Links

Long-lived links for remote sharing

Security & Identity

Full authentication and session model