Smart cities are developed to optimize operations across the city such as waste and traffic management, water supply management, criminal tracking, and pollution monitoring, etc. Smart cities are formed by the interconnection of various Internet of Things (IoT) devices for collecting the data from objects and humans to perform necessary actions. But the challenge lies in the exchange of enormous information in real-time to drive smart city applications. Therefore, smart city applications make use of Device-to-Device (D2D) communications which provides higher bandwidth and lower latency in message exchanges. D2D communications do not need any infrastructure for communication and hence are cost and time effective. However, this advantage becomes a threat as no third party is involved to verify the authenticity of the devices before exchange of real information. Consequently, a reliable authentication mechanism is required to address the security issues in WiFi (wireless fidelity) Direct communication. In this paper, we propose a secure and lightweight mutual authentication and key agreement protocol for WiFi Direct. The principle of the protocol is based upon a commit/open pair and Diffie Hellman key exchange algorithm. It is observed from the simulations that the proposed protocol successfully authenticates the D2D devices in the WiFi Direct environment. Investigation through formal security analysis revealed the strong resistivity of the proposed protocol against the prominent attacks in the WiFi Direct environment. The comparative analysis demonstrates the reliability of the suggested protocol over the traditional one. The proposed protocol eliminates the occurrence of the denial of service (DoS) and man-in-the-middle (MITM) attacks in the discovery and key agreement phase, respectively. The proposed protocol can be easily integrated into the devices enabled with WiFi Direct and can offer a wide security package.