POS Kiosk Mode Direct
by Odoo DevHouse https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse$ 199.16
In-App Purchases| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Point of Sale (point_of_sale) • Inventory (stock) • Invoicing (account) |
| Lines of code | 352 |
| Technical Name |
pos_kiosk_mode_direct |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse |
POS Kiosk Direct - Secure Token-Based Autologin for Cashier Terminals
Give every kiosk device a revocable token instead of a real password. One URL opens straight into the configured POS session - no login screen, no credentials exposed in local files.
A typical unattended kiosk launcher needs a real Odoo login to open the POS automatically - which usually means a cashier's password sits in plain text somewhere on the device: a local HTML file, a browser bookmark, a kiosk-mode config script.
That creates real, ongoing operational risk:
- Anyone with physical or file access to the device can extract the password
- Rotating a compromised password breaks every other kiosk sharing that same login
- No visibility into which terminals are actually being used, or when
- No audit trail of who configured, reconfigured, or decommissioned a terminal
- A kiosk that silently goes offline is only noticed when a cashier complains
- Losing a device means scrambling to change passwords everywhere at once
This module adds a dedicated Direct POS Kiosk configuration per physical terminal: a server-generated token (stored only as a SHA-256 hash, never in plaintext), the Odoo user the terminal should run as, and the target POS to open. The kiosk launcher calls a single URL; Odoo verifies the token and redirects straight into the POS session - the real password never has to leave the server, and the token can be revoked in one click at any time.
Common Question: Does "Login + Password" Mode Show a Login Screen?
No - neither mode ever shows a login screen at the kiosk. That is the entire point of this module. "Login + Password" describes what Odoo does automatically, behind the scenes, in the split second between the kiosk opening its URL and landing in the register - it does not mean a cashier types anything. The token in the URL is what replaces the password prompt in both modes. The only real difference is how strict that behind-the-scenes check is: "Login + Password" performs a genuine, verified Odoo login before opening the session, while "Session User" skips that check entirely for terminals that are already physically secured.
- Tokens Never Stored in Plaintext: only a SHA-256 hash plus the last 4 characters are kept, checked with a timing-safe comparison
- Two Auth Modes for Two Trust Levels: a real Odoo login for standard terminals, or a zero-password session for physically secured kiosks
- One-Click Copy-to-Clipboard Kiosk URL: the ready-to-use URL is assembled automatically - nothing to type or paste together by hand
- Instant Revocation: a lost or compromised device is neutralized in one click, without touching any other terminal's credentials
- Full Audit Trail: every configuration change and every token generate/revoke is logged automatically in the chatter
- Automatic Stale-Terminal Alerts: a background cron flags terminals that go quiet, assigns a to-do, and auto-resolves it once the terminal is active again
- Central Fleet Monitoring: every terminal, across every site, visible and sortable from one list view
- Zero Impact on Standard POS: once the cashier is in the POS UI, everything behaves exactly like a normal login
1. Every Terminal, One Screen
Settings â Technical â POS Kiosk Direct â Direct POS Kiosks. The fleet's entry point: create a new terminal or review every device already configured, across every site.
2. Configure the Terminal
Give the terminal a name, site and terminal code, pick the POS it should open, choose an auth mode, and assign the Odoo user it runs as - a stale-alert threshold is included by default.
3. Generate a Token - Copy the Ready-to-Use URL
One click builds the full kiosk URL - host, terminal code, and a fresh 216-bit token - and shows it once with a one-click copy button. Paste it straight into the kiosk launcher.
4. Daily Use - Straight Into the Register
The kiosk opens that one URL and lands directly inside a live, authenticated POS session - cart, products, and payment all ready to go. No login screen, ever.
5. Monitor the Whole Fleet at a Glance
Sort by Last Start At to see which terminals are active and which have gone quiet. The Is Stale column and row highlighting flag trouble before a cashier has to call it in.
6. Every Change, Logged Automatically
Reassigning a terminal to a different auth mode, user, or POS is tracked in the chatter with the old and new value - a full history of who changed what, and when. The Odoo password is deliberately never logged.
7. Get Alerted the Moment a Terminal Goes Quiet
A background cron checks every provisioned terminal. Past its configured threshold, a red "Stale" ribbon appears, a chatter warning posts, and a to-do activity is assigned automatically.
8. Resolves Itself When the Terminal Comes Back
As soon as the terminal starts a session again, the same cron clears the stale flag, posts a "back online" note, and automatically marks the to-do as resolved - no manual cleanup needed.
9. Lost or Decommissioned? Revoke in One Click
Revoke Token instantly clears the credential - the old token stops working immediately, and the action is logged in the chatter alongside the rest of the terminal's history.
Installation & Configuration
- Install the Module: Install through Odoo Apps or manually copy to the addons path
- Dependencies: Requires
point_of_saleandmail - Restart Server & Update: Restart Odoo and update the app list
- Create a Terminal: Settings â Technical â POS Kiosk Direct â New, one record per physical device
- Generate a Token: Click Generate Token, copy the URL, paste it into the kiosk launcher's configuration
- Test: Open the URL on the kiosk device - it should land directly in the configured POS session
Step 1: Install Module
Step 2: Create a Terminal Record
Go to Settings â Technical â POS Kiosk Direct â Direct POS Kiosks â New. Give the device a Site Code and a globally unique Terminal Code, then pick the POS Config it should open.
Step 3: Choose the Right Auth Mode
Two modes, two trust levels - in both cases, the kiosk itself never shows a login screen; the difference is only how strictly Odoo checks the credential behind the scenes:
- Login + password - Odoo performs a real authentication automatically, the same check as the login form, using the credential already configured on the terminal. Use this for most terminals.
- Session user without password - the token alone grants access, no password check at all. Reserve this for terminals that are physically locked down (behind a counter, kiosk-mode browser with no address bar).
Step 4: Generate and Distribute the Token
Click Generate Token. Copy the URL shown in the one-time popup and configure the kiosk launcher to open it on boot. The token is never shown again - only its last 4 characters remain visible on the terminal record for identification.
Step 5: Monitor and Respond
Use the list view's Last Start At and Is Stale columns to see the health of the whole fleet. If a device is lost, stolen, or reassigned, open its record and click Revoke Token immediately, then generate a fresh one when ready.
Pro Tip - Roll Out Gradually
Each terminal is configured independently, so you can migrate one kiosk at a time from a manual login to a token URL without touching any other device or interrupting service.
Security Note
Session user without password mode skips authentication entirely once the token is valid. A leaked token for one of these terminals is equivalent to a permanent, unattended login. Use it only on terminals that are physically secured.
Multi-Site Retail Chains
Provision and monitor dozens of terminals across many stores from one central list view.
Unattended Self-Checkout Kiosks
Session-user mode opens the register with no password screen ever shown to shoppers.
Pop-Up Stores & Seasonal Events
Spin up a terminal in minutes and revoke it just as fast once the event is over.
Franchise & Multi-Tenant Deployments
Each franchisee's terminals stay independent - a compromised token never affects another location.
Hotel Lobby & Concierge Terminals
Guest-facing devices open straight into a limited POS session, with credentials never on-screen.
Warehouse & Outlet Stores
Backup counters and overflow registers get their own terminal record, monitored the same way.
Eliminates Password Exposure Risk
No Odoo credential ever sits in a kiosk's local files - only a revocable token.
Faster Incident Response
Revoke one lost device in a click, without rotating a password shared by other terminals.
Proactive Fleet Monitoring
Stale-terminal alerts surface a broken or abandoned device before a cashier has to report it.
Full Compliance-Ready Audit Trail
Every configuration change and every token action is logged automatically - no extra effort required.
Which Odoo version does this support?
Odoo 19.0. It is built and tested against the Odoo 19 Point of Sale and mail chatter APIs.
Does this need Odoo Enterprise, or does it work on Community?
It works on Odoo Community. The module only depends on point_of_sale
and mail, both free, Community-edition modules - no Enterprise app is required.
Do kiosk tokens expire automatically?
No. A token stays valid indefinitely until someone clicks Revoke Token on that terminal. There is no automatic time-based expiration, so build token rotation into your own security policy (for example, revoking and reissuing on a schedule, or immediately whenever a device changes hands) rather than assuming it happens on its own.
I run several companies in one database - are terminals scoped per company?
Not currently. Any user with System Administrator access can see and manage every terminal across every company from the same list view. If several companies share one database, control who has System Administrator rights accordingly.
A kiosk URL shows "No database is selected... server-wide controllers" - what does that mean?
This is a general Odoo hosting detail, not specific to this module - it appears when your Odoo
server hosts more than one database and neither dbfilter nor db_name
is configured, so Odoo cannot guess which database an unauthenticated kiosk request belongs to.
Fix it once, server-side: set dbfilter to your database in odoo.conf (or
start Odoo with -d your_database) so kiosk URLs work without ever needing a
?db= parameter - exactly how a real single-tenant kiosk deployment should be set up.
What happens to my terminals and tokens if I uninstall the module?
Every Direct POS Kiosk record, including its token, is removed along with the module - the standard Odoo behaviour for data owned by a module. Your POS configurations, orders, and users are entirely unaffected; only the kiosk-to-terminal mapping disappears. Reinstalling starts from a clean slate, so plan to recreate each terminal and generate fresh tokens afterward.
Do You Need Assistance or Have a Feature Request?
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Point of Sale (point_of_sale) • Inventory (stock) • Invoicing (account) |
| Lines of code | 352 |
| Technical Name |
pos_kiosk_mode_direct |
| License | OPL-1 |
| Website | https://apps.odoo.com/apps/modules/browse?author=Odoo%20DevHouse |
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module