#Suggestion for BackChannel grant (NFC tap to connect)


shut ocean
#

So what I am trying to create is a way for my users to authenticate a third-party device through an NFC tap.

Users are connected to the front-end application using Auth0 (users log in with a personal account -> Auth0 generates an accessToken -> the user sends the token in every request).
I have a PC that the users will have the opportunity to use for some minutes/hours. I need a way for them to tap an NFC in the machine and gain access without having to type email, password, 2FA and all of those, something like Discord's scan QR and sign in, but with an NFC tap.

Any suggestions? Should I keep using Auth0, or should I move to Keycloak or another identity server?

shut ocean
#

Any suggestions?

cyan prawn
#

You would need a client interface capable of reading NFC cards, do you have a way to do that currently?

#

Also do you have an NFC reading device, or does your computer have one built in?

#

I imagine NFC tags could be considered a FIDO security key, so it would be implemented in a way similar to how smartphones validate a user's fingerprint on a fingerprint scanner.

#

^ That article does actually mention NFC

shut ocean
#

The main purpose is that I don't want the user to type username/email or password to gain access

As the only use of the machine will be about 2-5 minutes and then the next user should be able to log in

#

I want the login to be temporary,
fast and not requiring user action, something like Discord's scan (from an already authenticated device) to log in to another device

cyan prawn
#

Does the NFC card contain information about the user's identity, or is it just some sort of fingerprint/ID?
If the latter, the user would need to log in with some other method to create that link between the ID and who the user is

shut ocean
#

Yeah sure, it can contain whatever; I can include userId and whatever I want

shut ocean
cyan prawn
#

I don't know how much security is a concern, but assuming you have writable NFCs, couldn't anyone just change their card's user ID to a different user and log in as someone else?

shut ocean
#

But I don't know how to implement it with Auth0. I just want to find some related article for help or something

cyan prawn
#

Well in the case of a QR code, those usually represent some kind of signed token with a limited lifetime, which isn't something you can do with a static key on an NFC card. I suppose you could write some kind of access token to the NFC card instead, which has a signed value, which is a bit more secure.
Can't say I've done anything like that with Auth0 before though, sorry

shut ocean
#

You don't understand, the NFC card will not be static

#

The phone of the user will generate the NFC

#

The user will tap their phone on the NFC reader