Bridging the gap between IT security and physical security

Frank Staut

chairman of board at nextAuth and electronics engineer in a past life

With the API-based architecture of nextAuth, one can do interesting things. I developed a Proof-of-Concept whereby the nextAuth mobile user authentication is used to open a lock. The lock is opened (i.e. the green LED lights up) by pushing a button, if at that point a user is logged in. This Proof-of-Concept is fairly basic and only uses a limited subset of the nextAuth API. Even so, it shows the ability to integrate the nextAuth solution into IoT projects.

I used a NODEMCU ESP32 microcontroller development board for interacting with the nextAuth API. The ESP32 microprocessor is very flexible and has onboard WiFi and Bluetooth. Many examples can be found online on how to program it. I used the Arduino IDE as it is the simplest way to get started with microprocessors.

Before logging in, you need to install the nextAuth app (Android, iOS) and register it with the server. Through the nextAuth dashboard you can set up your own virtual nextAuth server. To log in, you scan a QR code with the app and enter your PIN or biometric (fingerprint or FaceID). The QR code contains the server identifier and a session identifier. With this session identifier, the lock can check through the API whether a user has logged in. This is done after the user pushes the button. If a user is logged in, the lock opens (i.e. the green LED lights up). As soon as the lock opens, it triggers a logout for the user, resetting it for the next user. Here the session identifier is just used as a way to identify the lock the user is logging in for. The QR code is thus fixed and can be printed on a piece of paper or even a sticker to hang next to the lock.
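The button-press flow described above, as an added example in portable C++ (not the author's source code). `SessionApi`, `SessionState`, `Lock` and the two extra log messages are hypothetical stand-ins, since the post does not show the nextAuth API calls themselves. The example goes one step beyond the post: it keeps the lock closed on API errors and refuses to open while a failed logout is still pending.

```cpp
#include <functional>
#include <string>
#include <vector>

// Hypothetical stand-ins for the two nextAuth API calls the lock makes;
// the real endpoint names and payloads are not given in the post.
struct SessionState { bool ok; bool loggedIn; std::string user; };  // ok=false: API error
struct SessionApi {
    std::function<SessionState(const std::string&)> query;  // who is logged in on this session?
    std::function<bool(const std::string&)> logout;         // returns false on error
};
enum class Result { Opened, Denied, Error };

struct Lock {
    std::string session;         // fixed session identifier from the printed QR code
    SessionApi api;
    bool greenLed = false;       // true = lock open
    bool logoutPending = false;  // an earlier logout failed, so the login is still live
    std::vector<std::string> log;

    Result onButton(const std::string& when) {
        greenLed = false;
        const std::string prefix = "Button pressed at " + when + ", ";
        if (logoutPending) {     // assumption beyond the post: never reuse a stale login
            logoutPending = !api.logout(session);
            log.push_back(prefix + "previous logout pending, lock stays closed");
            return Result::Denied;
        }
        const SessionState s = api.query(session);
        if (!s.ok) {             // fail closed when the server cannot be reached
            log.push_back(prefix + "API error, lock stays closed");
            return Result::Error;
        }
        if (!s.loggedIn) {
            log.push_back(prefix + "No user logged in!");
            return Result::Denied;
        }
        greenLed = true;         // open the lock
        log.push_back(prefix + "User " + s.user + " logged in!");
        logoutPending = !api.logout(session);  // reset the session for the next user
        log.push_back(logoutPending ? "Logout failed, will retry" : "User logged out!");
        return Result::Opened;
    }
};

int main() {  // constructed demo: nobody is logged in, so the lock stays closed
    Lock lock;
    lock.api.query = [](const std::string&) { return SessionState{true, false, ""}; };
    return lock.onButton("constructed time") == Result::Denied ? 0 : 1;
}
```

On the ESP32, `query` and `logout` would wrap the HTTPS requests to the nextAuth server and `greenLed` would drive the output pin.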

What happens on a technical level is:

[Figure: Overview]

A sample of the generated log output:

Monday, May 11 2020 11:25:07
Button pressed at Monday, May 11 2020 11:25:10, No user logged in!
Button pressed at Monday, May 11 2020 11:25:17, No user logged in!
Button pressed at Monday, May 11 2020 11:25:23, No user logged in!
Button pressed at Monday, May 11 2020 11:25:46, User Frank logged in!
User logged out!
Button pressed at Monday, May 11 2020 11:25:57, No user logged in!
Button pressed at Monday, May 11 2020 11:26:04, No user logged in!
Button pressed at Monday, May 11 2020 14:16:34, User Frank logged in!
User logged out

I am not a developer, so it is probably not the best code. But as a Proof-of-Concept, it is definitely useful.

Source code
