ealeksandrov/NodeAPI

How to restrict one username logging in one mobile app at the same time?

chenweiyj opened this issue · 5 comments

How to restrict one username logging in one mobile app at the same time?

What do you mean by ONE mobile app? One simultaneous user login per app instance/client id (it is already working)? Or do you want the user to log in to only one app/client id at a time?

For the second problem, look at line oauth2.js#L25 - there we are deleting tokens for the user&clientId pair. You can change it to delete tokens only by user (and for all client ids).

Thank you for your reply. Yes, I want a user to log in to my app on only one device at a time. That means if a user logs in on device A, another login on device B will kick off device A. And on device A, a message will show that you are logged in to another device and please log in again.

On January 27, 2015, at 10:53 PM, Evgeny Aleksandrov notifications@github.com wrote:

> What do you mean by ONE mobile app? One simultaneous user login per app instance/client id (it is already working)? Or do you want the user to log in to only one app/client id at a time?
>
> For the second problem, look at line oauth2.js#L25 - there we are deleting tokens for the user&clientId pair. You can change it to delete tokens only by user (and for all client ids).


This is already implemented.
Devices A and B have the same application = same clientId.
When you log in on the second device (B), the previous token for user&clientId (logged in on A) will be deleted.
So the next request with the token on device A will return error 401.

I would like to disable this feature, so that users can log in simultaneously from multiple devices using the same clientId. For example, the user may log in from an iPhone and an iPad using an iOS app with the same clientId.

Would it work in theory? Would I just need to manage the removal of old, out-of-date sessions?

You are right, session management implementation is up to you.
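
The three behaviours discussed in this thread (revoke per user&clientId pair, revoke per user across all client ids, or allow several devices and clean up expired sessions) can be compared side by side. This is an added example, not code from NodeAPI: `TokenStore`, the policy names and the in-memory `Map` are assumptions standing in for the project's token storage.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory token store; a real deployment would back this with a database.
class TokenStore {
  // policy: 'per-client' (one token per user&clientId pair),
  //         'per-user'   (one token per user across all client ids),
  //         'multi-device' (no revocation on login, only expiry cleanup)
  constructor({ policy, ttlMs = 60 * 60 * 1000 }) {
    this.policy = policy;
    this.ttlMs = ttlMs;
    this.tokens = new Map(); // sha256(token) -> { userId, clientId, expiresAt }
  }

  // Store only a hash so a leaked store does not reveal usable tokens.
  static hash(token) {
    return crypto.createHash('sha256').update(token).digest('hex');
  }

  // Called on successful login: revoke according to policy, purge expired, issue new token.
  issue(userId, clientId, now = Date.now()) {
    for (const [key, t] of this.tokens) {
      const expired = t.expiresAt <= now;
      const sameUser = t.userId === userId;
      const revoke =
        (this.policy === 'per-client' && sameUser && t.clientId === clientId) ||
        (this.policy === 'per-user' && sameUser);
      if (expired || revoke) this.tokens.delete(key);
    }
    const token = crypto.randomBytes(32).toString('hex');
    this.tokens.set(TokenStore.hash(token), { userId, clientId, expiresAt: now + this.ttlMs });
    return token;
  }

  // Returns the session, or null when the token was revoked or expired (caller answers 401).
  verify(token, now = Date.now()) {
    const t = this.tokens.get(TokenStore.hash(token));
    if (!t || t.expiresAt <= now) return null;
    return { userId: t.userId, clientId: t.clientId };
  }
}
```

With `multi-device`, nothing is revoked at login, so the token lifetime (`ttlMs`) is the only bound on how long a lost or stolen device keeps access.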