Smart city can improve the efficiency of managing assets and resources, optimize urban services, and improve the quality of citizens’ life. Wireless sensor networks (WSN) can solve many problems in smart city, such as smart transportation, smart healthcare, smart energy, and so on. However, security and privacy are the biggest challenges for WSN. Recently, Banerjee et al. proposed a security enhanced authentication and key agreement scheme for WSN, but their scheme can't resist off-line password guessing attack, impersonation attack, and does not achieve session key secrecy, identity unlinkability and perfect forward secrecy. In order to fix these flaws, a secure and privacy preserving authentication protocol for WSN in smart city is proposed. We prove the security of the proposed protocol by using applied pi calculus based formal verification tool ProVerif, and show that it has high computational efficiency by comparison with some related schemes.