Golang HTTP gin-gonic server creating TOTP. No idea how the client can create a QR tag. JavaScript?

I am developing a Open-Source server (https://authserv.io). The server can do all kind of authentication stuff (with focus to e-mail). Now I am writing a HTTP endpoint, where a user can create a TOTP secret. So far this looks like this:

package main

import (
    "bytes"
    "image"
    "image/png"
    "net/http"

    "github.com/gin-contrib/sessions"
    "github.com/gin-gonic/gin"
    "github.com/go-kit/log/level"
    "github.com/pquerna/otp/totp"
    "github.com/segmentio/ksuid"
    "github.com/spf13/viper"
    "golang.org/x/text/cases"
    "golang.org/x/text/language"
    "golang.org/x/text/language/display"
    "golang.org/x/text/message"
)

const (
    cookieAccount = "account"
    cookieTOTP    = "totp"
)

func totpGETHandler(ctx *gin.Context) {
    var (
        buf  bytes.Buffer
        img  image.Image
        guid = ksuid.New().String()
    )

    session := sessions.Default(ctx)

    cookieValue := session.Get(cookieTOTP)
    if cookieValue != nil {
        if cookieValue.(bool) {
            session.Delete(cookieAuthStatus)
            session.Delete(cookieAccount)
            session.Delete(cookieTOTP)

            session.Save()

            ctx.String(http.StatusOK, "You have already registered TOTP")

            return
        }
    }

    cookieValue = session.Get(cookieAuthStatus)
    if cookieValue == nil || AuthResult(cookieValue.(uint8)) != authResultOK {
        HandleErr(guid, errNotLoggedIn, ctx)

        return
    }

    session.Delete(cookieAuthStatus)

    cookieValue = session.Get(cookieAccount)
    if cookieValue == nil {
        HandleErr(guid, errNoAccount, ctx)

        return
    }

    account := cookieValue.(string)

    session.Delete(cookieAccount)

    key, err := totp.Generate(totp.GenerateOpts{
        Issuer:      viper.GetString("totp_issuer"),
        AccountName: account,
    })

    if err != nil {
        HandleErr(guid, err, ctx)

        return
    }

    // Convert TOTP key into a PNG
    img, err = key.Image(200, 200)
    if err != nil {
        HandleErr(guid, err, ctx)

        return
    }

    png.Encode(&buf, img)

    ctx.String(http.StatusOK, "Generated key: %s", key.String())
}

Now I am stuck how to continue.

Variant 1:

I could store the image as a temporary file and render a HTML template. After that removing the file. But this seems ugly, as the image is already in memory and it only needs to be transferred to the client somehow.

Variant 2:

Sending the string to the client and use JavaScript to create a QR code from it. This would be part of a HTML template either, which would be perfect.

Unfortunately I have not that much experience with Web-technologies at the client side, as I used to be a 100% backend developer.

So I only can ask for some ideas/help to point me to the right direction.