SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

how to distinguish web and mobile and allow only one login for each type

hello, is there a way to distinguish different types of devices, for example, I'd like to allow one user to login from web and mobile at the same time, but do not allow user to login from two mobile deivces at the same time

hey <@1040459150972436551> yes this is possible

what you want to do is to override the createNewSession recipe function on the backend first

and in there, read the request object's user agent header to identity which device the request is from and save that as part of the access token payload of the session.

before calling the original implementation of createNewSession, you want to fetch all the sessions for the input userId and check if any of them belong to the same device type. If they do, then throw an error, else call the originalImplementation

got it, I will try that, thank you very much

Further more, I want to allow only one user login from all types of devices, and the new login will kick out the old one. To do this, same way to override the createNewSession recipe? or is there a ready-made recipe?