I have a REST API which, when hit, authenticates the user. This API is exposed to Android and iOS developers; they hit this API to allow the user to log in to our app.
My requirement is this: 1) If the user has a cell phone, say "abc" phone with IMEI "abc1234", and he logs in from this phone, then if he tries to log in from his 2nd phone he should not be allowed to log in from the 2nd phone. He should first log out from the abc device.
Now there are a few complications: 1) If the user is logged in from abc and, without logging out, he formats his phone or uninstalls the app, then how should I handle login from the same device or another device?
Basically I want to know about strategies or good practices for this type of scenario.
Good practice would be to let the user log in from the second device and log him out from the first device. It would be better for user experience as well as being easier to handle, e.g.:
I log in from DeviceId A
(update DeviceId in DB against the user)
Then I try to log in from DeviceId B
(again update DeviceId, overriding the previous DeviceId in DB against the user)
Now if I make a request from DeviceId A, match the DeviceId in DB; it will return false. Send the user back to the login page.
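One way to implement the overwrite-on-login strategy from this answer, as an added example that is not part of the original post (Python, with an in-memory dict standing in for the DB and only the standard library's `secrets` and `hmac`; the names `SingleDeviceSessions`, `login`, `authorize` and `logout` are my own):

```python
import hmac
import secrets


class SingleDeviceSessions:
    """Constructed example of the one-active-device rule from the answer.

    `active` maps username -> (device_id, session_token). A login from any
    device overwrites that record, so a user who formatted or reinstalled
    the app (and never logged out) can simply log in again; the stale
    record is replaced instead of blocking him.
    """

    def __init__(self):
        self.active = {}

    def login(self, username, device_id):
        """Call only after the user's credentials have been verified.

        Returns the session token the app must present on later requests.
        """
        token = secrets.token_urlsafe(32)
        self.active[username] = (device_id, token)   # overrides previous device
        return token

    def authorize(self, username, device_id, token):
        """True only if device_id and token match the user's current record."""
        record = self.active.get(username)
        if record is None:
            return False
        stored_device, stored_token = record
        # compare_digest prevents learning the token byte-by-byte via timing
        return stored_device == device_id and hmac.compare_digest(stored_token, token)

    def logout(self, username):
        self.active.pop(username, None)


if __name__ == "__main__":
    s = SingleDeviceSessions()
    tok_a = s.login("alice", "device-A")      # first phone
    tok_b = s.login("alice", "device-B")      # second phone: A is now stale
    print(s.authorize("alice", "device-A", tok_a))  # False -> send to login page
    print(s.authorize("alice", "device-B", tok_b))  # True
```

Current Android and iOS do not let an ordinary app read the IMEI, so the device identifier here should be an app-generated installation id; a reinstall then produces a fresh id and the stale record is simply overwritten on the next login.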