java - Enable login to one device at a time
When the user installs the app, I generate a unique ID on the app and store it.
The user can log in with a user name and password. If the login is successful, the server sends an OAuth token to the app. The app stores the token and refresh tokens for future use.
But when the user tries to log in on a new device, I want to log the user out of the previous phone.
How can I log out the device?
(I want to delete the OAuth tokens of the previous device. If not, the app will try to refresh the token and allow the user to log in.)
Where do I want to handle the logout logic? Please.
I don't think the accepted answer is the correct solution. You should not have the logic on the client side. It leads to potential security issues.
All you need is to invalidate the old OAuth token on the server side; the next time the old device uses the old token it will receive a 400 invalid_grant exception, and that's when you have to perform the log out.
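A server-side sketch of the revocation described in the answer above, added here as an example that is not part of the original post: a new login drops the previous device's refresh token, so that device's next refresh gets 400 invalid_grant. The class, method and field names are hypothetical, the in-memory maps stand in for the server's token store, and the user and device values in `main` are constructed (Java 16+ for records).

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
// Added example with hypothetical names: one live session per user, kept in memory.
public class SingleDeviceTokenService {
    record Session(String userId, String deviceId, String accessToken, String refreshToken) {}
    record TokenResponse(int status, String body) {}
    private final Map<String, Session> byRefreshToken = new HashMap<>();
    private final Map<String, Session> currentByUser = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    private String newToken() {
        byte[] b = new byte[32];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    // Call only after the user name and password have been verified.
    public synchronized Session login(String userId, String deviceId) {
        Session old = currentByUser.get(userId);
        if (old != null) byRefreshToken.remove(old.refreshToken()); // revoke previous device
        Session s = new Session(userId, deviceId, newToken(), newToken());
        currentByUser.put(userId, s);
        byRefreshToken.put(s.refreshToken(), s);
        return s;
    }

    // Token endpoint for grant_type=refresh_token; refresh tokens are single use.
    public synchronized TokenResponse refresh(String refreshToken) {
        Session s = byRefreshToken.remove(refreshToken);
        if (s == null) return new TokenResponse(400, "{\"error\":\"invalid_grant\"}");
        Session next = new Session(s.userId(), s.deviceId(), newToken(), newToken());
        currentByUser.put(s.userId(), next);
        byRefreshToken.put(next.refreshToken(), next);
        return new TokenResponse(200, "{\"access_token\":\"" + next.accessToken()
                + "\",\"refresh_token\":\"" + next.refreshToken() + "\"}");
    }
    // API endpoints check this, so the old access token also stops working at once.
    public synchronized boolean accessTokenActive(String userId, String accessToken) {
        Session s = currentByUser.get(userId);
        return s != null && s.accessToken().equals(accessToken);
    }

    public static void main(String[] args) {
        SingleDeviceTokenService svc = new SingleDeviceTokenService();
        Session phoneA = svc.login("alice", "device-A"); // constructed sample values
        Session phoneB = svc.login("alice", "device-B"); // second login revokes device-A
        System.out.println(svc.refresh(phoneA.refreshToken()).status()); // old device
        System.out.println(svc.refresh(phoneB.refreshToken()).status()); // new device
    }
}
```

The client only reacts to the 400 by clearing its stored tokens and showing the login screen; the decision about which device stays logged in is made entirely on the server.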