Restricting user to login from multiple devices

As per my use case, I need to restrict my end user to logging in from a single device. I want to implement any one of the following. Assume the end user is already logged in from one device. When the user tries to log in from a second device:

  1. The app should prompt the user to log out from the first device, and will not allow login from the second device until the user successfully logs out from the first device.
  2. Without prompting the end user, the app terminates the session on the first device, allows login on the new device, and creates a new session.

Any of these approaches will help me implement my use case.

Thanks

Hey Sudarshan -

The general approach would be:

a) Store the user’s “currentDeviceId” every time the user logs in with Custom Function Authentication and Custom User Data

b) The next time the user logs in, revoke all sessions from the Admin API in your custom function, before logging them in again and setting the user’s new Device ID - this way you get to add your session expiration logic before the user has actually logged in on another device and been provided another session token.

c) Add client code to handle invalid session requests and take user to logout screen

In practice, this would look like:
device a → logged in
device b → calls login function → revokes all sessions and invalidates device a → logs user in from device b with new session → user is logged in on device b successfully

Any subsequent request will fail; client code handles the invalid session and takes the user to the login screen.

If you want to request more session/token configuration options - you can add a request here. We use items here to influence our roadmap on Realm.

Sumedha

3 Likes
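The flow described in the answer above, as an added sketch that is not part of the original thread and not MongoDB's own code. In-memory stand-ins replace Custom User Data and the Admin API revoke call, and every name (`makeSingleDeviceLogin`, `verifyCredentials`, `revokeAllSessions`, `userData`, `runScenario`) is hypothetical. It goes slightly beyond the thread by checking credentials before revoking and by refusing the login when revocation fails.

```javascript
// Added illustration: in-memory stand-ins replace Custom User Data and the
// Admin API revoke call. Every name below is hypothetical.
function makeSingleDeviceLogin({ verifyCredentials, userData, revokeAllSessions }) {
  return async function login(payload) {
    const deviceId = payload && payload.deviceId;
    if (typeof deviceId !== "string" || deviceId === "") {
      throw new Error("deviceId is required");
    }
    // (1) Authenticate first: a caller without valid credentials must not
    //     be able to trigger revocation of another user's sessions.
    const userId = await verifyCredentials(payload);
    if (!userId) throw new Error("invalid credentials");
    // (2) Revoke existing sessions before the new one is issued. A failure
    //     propagates and the login is refused (fail closed), so the old and
    //     new device never hold valid sessions at the same time.
    await revokeAllSessions(userId);
    // (3) Record the device that now owns the only session.
    userData.set(userId, { currentDeviceId: deviceId });
    // (4) The returned id is what the auth provider builds the session on.
    return userId;
  };
}

// Constructed scenario: device A logs in, a wrong-password attempt comes
// from device X, then device B logs in with valid credentials.
async function runScenario() {
  const userData = new Map();
  const live = new Set(); // devices holding a session (simulation only)
  const revoked = [];     // record of revoke calls
  const login = makeSingleDeviceLogin({
    // Stub check on constructed values; a real check verifies a password hash.
    verifyCredentials: async (p) =>
      p.email === "user@example.com" && p.password === "correct-horse" ? "user-1" : null,
    userData,
    revokeAllSessions: async (userId) => { revoked.push(userId); live.clear(); },
  });
  const creds = { email: "user@example.com", password: "correct-horse" };
  await login({ ...creds, deviceId: "device-a" });
  live.add("device-a");
  let rejected = false;
  try { await login({ ...creds, password: "wrong", deviceId: "device-x" }); }
  catch (e) { rejected = true; }
  const aSurvivedBadLogin = live.has("device-a");
  await login({ ...creds, deviceId: "device-b" });
  live.add("device-b");
  return { rejected, aSurvivedBadLogin, revokeCalls: revoked.length,
    liveDevices: [...live], currentDeviceId: userData.get("user-1").currentDeviceId };
}
```

In a deployed function the `revokeAllSessions` stand-in would be the awaited Admin API request, and the client on device A learns of the revocation only when its next request is rejected.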

Thanks for such a detailed approach.

Can you please let me know the structure of the parameter, i.e., loginPayload of Custom Function Authentication?

The function payload will be whatever custom credentials you want to pass in for authentication (e.g. email, password, device Id, etc)

There is an example on one of our DevHub posts on how to use Custom Function Auth

2 Likes

Hi Sumedha,
The mentioned DevHub post is not available (404 - Not Found). Can you please check it once?

A quick search on the MongoDB Developer site returns this article that has the same title. I’m pretty sure that MongoDB changed their site around a bit not that long ago, so it makes sense that articles were moved to the new location.

How can I get the ‘currentDeviceId’? Is it inside the authEvent? And can I do this within the authentication trigger?