The key is to have an open source client and a protocol that protects against a malicious server.
One way to do this is to have the new device generate a random passphrase, display it on the screen and require it to be typed into the already authenticated device. Then the devices can use PAKE with that passphrase to establish a secure channel between each other. Even if the data still goes through the server, it's encrypted and the server can't read it.
Another method is to have the new device display its public key as a QR code and have the existing device scan it.
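The passphrase-plus-PAKE pairing described above, as an added example that is not part of the original post: a SPAKE2-style exchange over the RFC 3526 group 14 MODP prime (real constant, generator 2), with the blinding elements M and N derived by hash-to-group so that nobody knows their discrete logs. The new device generates the passphrase, the trusted device gets it typed in, both exchange one blinded element each through a relay, and key confirmation tags prove they ended up with the same key. The identities `new-device` / `trusted-device`, the tiny word list and the `run_pairing` helper are constructed for the demo; a wrong passphrase (a typo, or a server guessing) produces a different key and fails confirmation rather than silently "working".

```python
"""SPAKE2-style passphrase pairing demo (added example, not the original poster's code)."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit safe prime, generator 2 has prime order Q = (P-1)/2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2

def hash_to_group(label: bytes) -> int:
    """Map a label to the order-Q subgroup; squaring lands in the quadratic residues."""
    h = int.from_bytes(hashlib.shake_256(label).digest(320), "big") % P
    return pow(h, 2, P)

M = hash_to_group(b"SPAKE2 M")   # blinds the new device's element
N = hash_to_group(b"SPAKE2 N")   # blinds the trusted device's element

def generate_passphrase(n_words: int = 4) -> str:
    """What the new device shows on screen (constructed tiny word list for the demo)."""
    words = ["apple", "river", "stone", "cloud", "tiger", "lemon", "piano", "quartz"]
    return "-".join(secrets.choice(words) for _ in range(n_words))

def password_scalar(passphrase: str) -> int:
    """Passphrase -> scalar w. The passphrase is random and short-lived, so a plain hash suffices here."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big") % Q

class Party:
    def __init__(self, ident: bytes, passphrase: str, is_new_device: bool):
        self.ident, self.new = ident, is_new_device
        self.w = password_scalar(passphrase)
        self.priv = secrets.randbelow(Q - 1) + 1
        blind = M if is_new_device else N
        # Public message: g^x * M^w (new device) or g^y * N^w (trusted device).
        self.msg = pow(G, self.priv, P) * pow(blind, self.w, P) % P
        self.key = None

    def finish(self, peer_ident: bytes, peer_msg: int) -> bytes:
        """Derive the shared key from the peer's blinded element and the transcript."""
        if not 1 < peer_msg < P - 1:
            raise ValueError("degenerate peer element")
        peer_blind = N if self.new else M
        unblinded = peer_msg * pow(pow(peer_blind, self.w, P), -1, P) % P
        if pow(unblinded, Q, P) != 1:          # reject small-subgroup elements
            raise ValueError("peer element not in prime-order subgroup")
        K = pow(unblinded, self.priv, P)        # g^(xy) when both sides used the same w
        # Fixed transcript order: new device first, then trusted device.
        a_id, b_id = (self.ident, peer_ident) if self.new else (peer_ident, self.ident)
        a_msg, b_msg = (self.msg, peer_msg) if self.new else (peer_msg, self.msg)
        transcript = b"".join([
            len(a_id).to_bytes(2, "big"), a_id, len(b_id).to_bytes(2, "big"), b_id,
            a_msg.to_bytes(256, "big"), b_msg.to_bytes(256, "big"),
            K.to_bytes(256, "big"), self.w.to_bytes(256, "big"),
        ])
        self.key = hashlib.sha256(transcript).digest()
        return self.key

    def confirmation(self) -> bytes:
        """Key-confirmation tag, role-bound so a reflected tag does not verify."""
        role = b"new" if self.new else b"trusted"
        return hmac.new(self.key, b"confirm:" + role, hashlib.sha256).digest()

    def verify_confirmation(self, tag: bytes) -> bool:
        role = b"trusted" if self.new else b"new"
        expected = hmac.new(self.key, b"confirm:" + role, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def run_pairing(displayed: str, typed: str) -> bool:
    """Simulate pairing via a relay: the relay forwards msg values but never sees a passphrase."""
    new = Party(b"new-device", displayed, True)
    trusted = Party(b"trusted-device", typed, False)
    relay_saw = (new.msg, trusted.msg)          # all the server ever learns
    new.finish(b"trusted-device", relay_saw[1])
    trusted.finish(b"new-device", relay_saw[0])
    return trusted.verify_confirmation(new.confirmation()) and \
        new.verify_confirmation(trusted.confirmation())

if __name__ == "__main__":
    pp = generate_passphrase()
    print("displayed:", pp, "-> paired:", run_pairing(pp, pp))
    print("typo      :", run_pairing(pp, pp + "x"))
```

The resulting 32-byte key would feed an AEAD for the actual data transfer; the relay only ever sees the two blinded group elements, and without w it cannot unblind them, so the encrypted payload stays opaque to the server.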