Authra 2FA - QR Auto Scanner

Scan otpauth QR codes on the active page & view TOTP codes from Authra 2FA.

1. Single purpose description (Deskripsi satu tujuan) Authra 2FA is a two-factor authentication (2FA/TOTP) code manager. Its single purpose is to let signed-in users view the time-based one-time passcodes (TOTP) from their Authra account in the browser, and to scan otpauth QR codes displayed on the current page so they can add new 2FA accounts. 2. activeTab justification activeTab is used to access the current tab's content only when the user explicitly clicks the extension to scan an otpauth QR code shown on that page. It is never used to read tabs automatically or in the background. 3. scripting justification scripting is used to inject a content script into the active tab, on a user-initiated action, to locate and read the otpauth QR code on the page so it can be imported into the user's account. Injection only occurs when the user starts a scan. 4. offscreen justification offscreen is used to create an offscreen document that decodes QR code images with a locally bundled QR library. QR decoding needs DOM/canvas APIs that are not available in the extension service worker. 5. Host permission justification (penggunaan izin host) Host access to the Authra API endpoints is required to authenticate the user and fetch their TOTP codes over HTTPS. The optional <all_urls> host permission is only requested on demand, when the user chooses to scan a QR code on a page, and is not used otherwise. 6. Remote code justification (penggunaan kode jarak jauh) This extension does not use remote code. All JavaScript, including the QR decoding library, is bundled inside the extension package and runs locally. The extension only makes HTTPS API calls to fetch data (TOTP codes); it never downloads or executes external scripts. │ Penting: pada pertanyaan "Apakah extension menggunakan kode jarak jauh?", pilih "Tidak, saya tidak menggunakan kode jarak jauh" (No, I am not using remote code). 7. storage justification storage is used to keep the user signed in by storing their authentication session token and UI preferences in chrome.storage.local. No 2FA secret keys are stored in the extension.