How to limit concurrent logins in OAuth1?

[natanaelsinisalo]

I'm relatively new with the OAuth so i'm still trying to grasp the whole picture of the auth process. I've implemented this plugin to my site and built a client successfully.

Let me brief at first what i'm trying to do:

• We have one WooCommerce site where client can purchase a ticket to the live event
• We have another site (PHP based) that is used to contain that live event video protected with WooCommerce OAuth login
• I've implemented basic admin-ajax.php endpoint that checks if the authenticated user has bought the ticket

Everything's good so far. Now, we'd like to restrict concurrent logins to 2 per user id. I've been thinking something like this:

• Save user id, oauth_token (if it's correct key to rely in a situation like this) and (now()) timestamp to the database
• Make a cron job that checks if there's every 5 minutes if there's more than two entries for certain user id and delete old login rows
• From the client side i'm planning to do some ajax stuff that checks every X minutes if the login is still valid and if not, then routes the user to the login process

So my few questions are:

• Is this even possible with OAuth 1.0a?
• If yes, how should i approach this problem?

I'm capable of making a pull request if there's a good way to implement this.

Cheers!

[natanaelsinisalo]

I might have found an answer:

Since this plugin currently saves an option row for each authorisation which contains oauth_token and user id along with the incrementing id, it's quite easy to wrote a clean cron job which keeps two newest sessions per user and cleans the rest.

Is there any possible downsides about this implementation?