What are the authentication schemes that do not require a password on different devices?
For a small and frivolous weekend project, I want to add something like a forum / post-with-comments feed.
Instead of a full user registration with email or phone confirmation, OAuth2 through Google social networks with MFA, I want something primitive with a minimum of actions and requirements from the user.
The task is simply to recognize the user on subsequent visits and to give him the opportunity to comment under his nickname. Something similar is implemented in the Telegram blog service telegra.ph - it seems that a UUID is simply generated there and stored in a cookie. Even when you open the site for the first time, you can immediately write content.
Everything is fine here, except for the entry of one user from different devices: from a computer and from a mobile phone. What is the easiest way to connect them?
Maybe add a one-time code - you can get it on an authorized device, write it down on a piece of paper (for example, generate 5 random dictionary words for the user, save it in the database) - and enter it on an unauthorized mobile phone - then the mobile phone will also be authorized, and the code will “burn out”. There will be a new one next time.
Probably, there are some elegant solutions that are most convenient for non-advanced users?
Make a "Get Authorization Code" button on the authorized device.
When clicked, generate some code. For example, a hexadecimal four-digit code to make it easy to remember and/or transfer.
Then on the site: the authorization button -> enter the code.
The code expires after N minutes or after use. Keep N small + debounce by endpoint.
After entering and checking - put the necessary data in the cookie.
UPD
You can insert the code into the link (awesome.com/auth?code=[CODE]) and give the user the link and/or encode this link into a QR code.
In principle, you can immediately put an authorization token in the link, but as for me, this is less safe, after all.
Well, of course, at awesome.com/auth read the code parameter and automatically log in with it; otherwise ask to enter the code.
Thus, the user may not have any data at all in the account, not even a username) === independence from mail / google / etc.
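The one-time linking code from this answer, written out as an added example (not the answerer's code): the server-side store, the TTL, single use and the per-IP rate limit are my assumptions about how "N small + debounce by endpoint" would be realised.

```python
import secrets
import time

CODE_TTL_SECONDS = 300       # "N minutes": the code is dead after this, used or not
MAX_ATTEMPTS_PER_IP = 5      # crude per-endpoint rate limit ("debounce") on redemption


class DeviceLinker:
    """Server-side store of one-time codes that attach a new device to an
    existing cookie identity. Codes live only on the server."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._codes = {}             # code -> (user_id, expires_at)
        self._attempts = {}          # client_ip -> (count, window_start)

    def issue_code(self, user_id):
        """Called from the already-authorized device. Returns a 4-hex-digit code.
        The keyspace is only 65536, so the short TTL and the rate limit below
        are what make it survive online guessing."""
        now = self._clock()
        # drop expired codes so the store cannot grow without bound
        self._codes = {c: v for c, v in self._codes.items() if v[1] >= now}
        code = secrets.token_hex(2)
        while code in self._codes:   # never hand two users the same live code
            code = secrets.token_hex(2)
        self._codes[code] = (user_id, now + CODE_TTL_SECONDS)
        return code

    def redeem_code(self, code, client_ip):
        """Called from the new device (form field or ?code= link).
        Returns the user_id to put in the cookie, or None on any failure."""
        if not self._allow_attempt(client_ip):
            return None
        now = self._clock()
        entry = self._codes.pop(code.lower(), None)   # pop: a code burns on first use
        if entry is None or entry[1] < now:           # unknown or expired
            return None
        return entry[0]

    def _allow_attempt(self, client_ip):
        now = self._clock()
        count, window_start = self._attempts.get(client_ip, (0, now))
        if now - window_start > CODE_TTL_SECONDS:
            count, window_start = 0, now              # start a new window
        if count >= MAX_ATTEMPTS_PER_IP:
            return False
        self._attempts[client_ip] = (count + 1, window_start)
        return True
```

Every redemption attempt, valid or not, counts against the client's window, so a wrong guess costs the guesser rather than the user.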
Mail is still needed for identification.
Ask the user for mail and send to this very mail a link of the form:
https://yousite.ru/?authcode=sdksfkjdfsdjksd
Where authcode is an encrypted JSON with the user's mail and the current date.
When someone clicks on such a link, decrypt the JSON back and authorize the user with the email that is specified inside the JSON. The date inside is needed if you suddenly want the link to burn out after a week (let's say).
The advantage of this scheme is that you don't need a database to store users and their passwords. All data is stored in a link that is encrypted only by an algorithm known to you and only you can decrypt it.
For a small weekend project, you can do authorization according to the Elusive Joe principle.
I have been working on several such projects for more than 10 years, where you do not need to log in - just write any name. It usually doesn't occur to normal people to engage in such jokes as impersonation, and everything works fine without any conflicts or complaints.
If the audience is potentially conflict-prone and will try to use the lack of user identification for selfish purposes, then one should not fool around inventing some ingenious schemes, but use any standard mechanism.
Simple math allows you to create a token that encrypts the user ID and a hash of what you are willing to verify it with (password, personal data, last post ID ...). Show any user his token upon request - by specifying it, he will be able to log in on any other device. And if he writes it out on a piece of paper or sends it to his mobile phone by mail - these are already his difficulties.