AuthSync – A Passwordless, Cross-Device Authentication System (Inspired by WhatsApp Web & FIDO2)

debug User — Mon, 16 Jun 2025 17:14:56 +0000

Ever wondered how you can just scan a QR code and log in on another device?
I did too — and that curiosity led me to build AuthSync: a passwordless, cross-device authentication system.

I was inspired by systems like WhatsApp Web and FIDO2, where you don’t have to re-enter credentials every time. Just scan a code — and you’re in.

So I built a system where:

You log in once using credentials.
After that, you can transfer sessions to another device using a QR code.
You can also instantly revoke all other sessions from your primary device (i.e., the device you originally used to register).

Key Features:

✅ Passwordless session transfer using QR
✅ First login via credentials (for safety)
✅ Emergency lockout — cut off all other sessions
✅ Device Tracking — Tracks all devices logged in per user, showing unique device IDs, timestamps, and active status.

How It Works (Simple Flow Explanation)

Once you’ve logged in on one device, AuthSync allows you to securely authenticate into another by scanning a QR code generated by the first device. The server verifies the session and grants access — no password required.

If anything ever feels suspicious, you can trigger an emergency lockout, revoking access from all devices except your primary device.

Here’s a simple user journey overview:

And here’s a deeper look at how session transfer and lockout work internally:

🛠 Tech Stack & How I Built It

I built AuthSync using the MERN stack:

MongoDB – For storing user sessions, device metadata, and user details
Express.js – To power the backend API and handle authentication logic
React.js – For the client interface, including QR code scanning
Node.js – For backend runtime and managing async workflows

Key libraries & tools I used:

jsonwebtoken – For secure session tokens
qrcode – To generate scannable session transfer codes
uuid – To uniquely identify device sessions
bcrypt – For securely hashing passwords (for the initial login)
JWT cookies – To persist authentication tokens securely

🧱 About the structure:

The project isn’t in its cleanest form yet — the client lives inside a client/ folder, but the backend is still at root level. I plan to make it more modular and organized as I improve it.

Why I’m Sharing This

This was just me trying to build something useful, even if it’s not perfect. I’ve focused on making the core features solid, but it’s still a functional prototype, not fully production-ready.

Still, I’d love for you to explore the code, try things out, and share any thoughts or suggestions!

🔗 Here’s the GitHub repo — feel free to explore the code or try it out:
[https://github.com/Ragini24-creator/authsync]

DEV Community: debug User

AuthSync – A Passwordless, Cross-Device Authentication System (Inspired by WhatsApp Web & FIDO2)