This code is a proof of concept that adapts the security concepts of RFC 8628 outside of a typical OAuth flow. It is not an implementation of RFC 8628. It implements cross-device authorization with a QR code. This may be useful for guest devices which need short-term access to an account or some resources.
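The three steps such a flow rests on, as an added sketch that is not code from this repository. The function names, the `/approve` path, the in-memory `Map` (standing in for a persistent store), and the lifetime are assumptions; the error strings are borrowed from RFC 8628 and RFC 6749.

```javascript
// Added illustration; not code from this repository. All names are hypothetical.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const token = (n) => Buffer.from(webcrypto.getRandomValues(new Uint8Array(n))).toString('hex');

const requests = new Map(); // deviceCode -> record (in-memory stand-in for a store)

// Step 1: the guest device asks for a pair of codes. Only userCode goes into the QR.
function startRequest(baseUrl, now = Date.now(), ttlMs = 120000) {
  const deviceCode = token(32); // secret, never leaves the guest device
  const userCode = token(8);    // embedded in the QR code URL
  requests.set(deviceCode, { userCode, status: 'pending', expiresAt: now + ttlMs, account: null });
  return { deviceCode, qrUrl: `${baseUrl}/approve?code=${userCode}`, expiresInMs: ttlMs };
}

// Step 2: the phone, already signed in as `account`, scans the QR and approves.
function approve(userCode, account, now = Date.now()) {
  for (const rec of requests.values()) {
    if (rec.userCode === userCode && rec.status === 'pending' && now < rec.expiresAt) {
      rec.status = 'approved';
      rec.account = account;
      return true;
    }
  }
  return false; // unknown, expired, or already approved code
}

// Step 3: the guest device polls with its secret deviceCode.
function poll(deviceCode, now = Date.now()) {
  const rec = requests.get(deviceCode);
  if (!rec) return { error: 'invalid_grant' };
  if (now >= rec.expiresAt) {
    requests.delete(deviceCode);
    return { error: 'expired_token' };
  }
  if (rec.status === 'pending') return { error: 'authorization_pending' };
  requests.delete(deviceCode); // single use: an approved code is redeemed once
  return { account: rec.account, sessionToken: token(32) };
}
```

Someone who only photographs the QR code learns the user code but not the device code, so they cannot collect the session that the approval grants.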
To explore the essence of cross-device authorization, clone this repository, install its dependencies with npm i, and then run it with npm run start.
I encourage you to use ngrok http 3000 to try out this demo on your own machine and phone.
This repository is largely machine generated. The solution within has been guided and is not the result of asking "Make me a qr code login code". Every line of code has been reviewed by me and I can attest that it depicts the distilled concepts I am trying to share with no frivolous distractions, omissions, or generated mistakes.
While I would code things quite differently if I wrote this on my own and ran it on Cloudflare, I opted to produce a simple demo that you could run on your own machine with libraries that are well known, documented, and written about.
There is no database! Instead, JSON files are saved in a data folder.
Critique on code quality is not welcome. Feature requests will not be acknowledged. Issues will not be addressed, and questions posted through issues will be ignored. You have been warned.