Ever wondered how you can just scan a QR code and log in on another device?
I did too — and that curiosity led me to build AuthSync: a passwordless, cross-device authentication system.
I was inspired by systems like WhatsApp Web and FIDO2, where you don’t have to re-enter credentials every time. Just scan a code — and you’re in.
So I built a system where:
- You log in once using credentials.
- After that, you can transfer sessions to another device using a QR code.
- You can also instantly revoke all other sessions from your primary device (i.e., the device you originally used to register).
Key Features:
- ✅ Passwordless session transfer using QR
- ✅ First login via credentials (for safety)
- ✅ Emergency lockout — cut off all other sessions
- ✅ Device Tracking — Tracks all devices logged in per user, showing unique device IDs, timestamps, and active status.
How It Works (Simple Flow Explanation)
Once you’ve logged in on one device, AuthSync allows you to securely authenticate into another by scanning a QR code generated by the first device. The server verifies the session and grants access — no password required.
If anything ever feels suspicious, you can trigger an emergency lockout, revoking access from all devices except your primary device.
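The transfer and lockout flow described above, as an added server-side example that is not taken from the AuthSync repository. The in-memory maps, the function names, the `primary` flag and the 60-second QR lifetime are assumptions made for illustration; it shows the checks that keep a scanned code from being replayed, used late, or redeemed after the issuing session has been revoked.

```javascript
const crypto = require("node:crypto");

const TRANSFER_TTL_MS = 60_000; // assumed lifetime of a QR code
const sessions = new Map();     // sessionId -> { userId, deviceId, primary, active }
const transfers = new Map();    // sha256(token) -> { userId, fromSession, expires }

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

function createSession(userId, deviceId, primary = false) {
  const sessionId = crypto.randomUUID();
  sessions.set(sessionId, { userId, deviceId, primary, active: true });
  return sessionId;
}

// Called by the logged-in device; the returned string is the QR payload.
function issueTransferToken(sessionId, now = Date.now()) {
  const s = sessions.get(sessionId);
  if (!s || !s.active) return null;
  const token = crypto.randomBytes(32).toString("base64url");
  // Store only a hash, so reading the store does not yield redeemable tokens.
  transfers.set(sha256(token), {
    userId: s.userId, fromSession: sessionId, expires: now + TRANSFER_TTL_MS,
  });
  return token;
}

// Called by the new device after it scans the QR code.
function redeemTransferToken(token, newDeviceId, now = Date.now()) {
  const key = sha256(String(token));
  const t = transfers.get(key);
  if (!t) return null;                    // unknown or already redeemed
  transfers.delete(key);                  // single use, even if a check below fails
  if (now > t.expires) return null;       // QR code expired
  const from = sessions.get(t.fromSession);
  if (!from || !from.active) return null; // issuing session revoked meanwhile
  return createSession(t.userId, newDeviceId);
}

// Emergency lockout: only an active session on the primary device may trigger it.
function emergencyLockout(sessionId) {
  const caller = sessions.get(sessionId);
  if (!caller || !caller.active || !caller.primary) return -1;
  let revoked = 0;
  for (const s of sessions.values()) {
    if (s.userId === caller.userId && !s.primary && s.active) { s.active = false; revoked++; }
  }
  // Pending QR codes for this user die with the lockout as well.
  for (const [k, t] of transfers) if (t.userId === caller.userId) transfers.delete(k);
  return revoked;
}

const isActive = (sessionId) => Boolean(sessions.get(sessionId)?.active);
```
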
Here’s a simple user journey overview:
And here’s a deeper look at how session transfer and lockout work internally:
🛠 Tech Stack & How I Built It
I built AuthSync using the MERN stack:
- MongoDB – For storing user sessions, device metadata, and user details
- Express.js – To power the backend API and handle authentication logic
- React.js – For the client interface, including QR code scanning
- Node.js – For backend runtime and managing async workflows
Key libraries & tools I used:
- jsonwebtoken – For secure session tokens
- qrcode – To generate scannable session transfer codes
- uuid – To uniquely identify device sessions
- bcrypt – For securely hashing passwords (for the initial login)
- JWT cookies – To persist authentication tokens securely
🧱 About the structure:
The project isn’t in its cleanest form yet — the client lives inside a client/ folder, but the backend is still at root level. I plan to make it more modular and organized as I improve it.
Why I’m Sharing This
This was just me trying to build something useful, even if it’s not perfect. I’ve focused on making the core features solid, but it’s still a functional prototype, not fully production-ready.
Still, I’d love for you to explore the code, try things out, and share any thoughts or suggestions!
🔗 Here’s the GitHub repo — feel free to explore the code or try it out:
https://github.com/Ragini24-creator/authsync