Open martianatwork opened 3 years ago
Hello @martianatwork any update on this...?
I have implemented this and it is working as expected, waiting for someone from openware to show interest.
Hello @martianatwork, can you explain to me how you can validate the session from mobile in case the timeout and IP change restrictions are removed?
Hey, for this we are implementing a sessions section in the frontend where users can see their sessions and have an option to log out from all sessions. Also, we have defined a unique user agent for each login on the app, so the User Agent check is still there. We have also introduced an `app_timeout` variable which is set to 15 days, so the timeout is not removed.
We would have preferred to use a JWT token auth but managing the token state and adding another authoriser will be too much work.
@zamananjum0 Any updates on this? We have the same issue.
@martianatwork did you find a workaround?
@FernetB you can add authorization headers for that device and also set app_timeout conditionally, depending on whether it is a mobile app or a browser, based on the user agent check.
I would love this, because currently people are getting logged out without any notice. Not sure if it would be possible, but basically after login get some JWT token?
I think we should add a `session_type` to the login API. By default it will be `web`, with `mobile` as a second option. Web will follow the basic flow, i.e. logout after x minutes or logout after IP change. Mobile will remove the timeout and IP change restrictions. In order to provide more security we should introduce a session manager from which the user will have an option to log out from all other devices or log out from a specific device.
If this seems like a good idea then I can create a PR in 1-2 days, or please let me know your inputs; I will be happy to implement it.
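The proposal discussed in this thread, sketched as an added example that is not code from the thread or from the project: a per-`session_type` policy (web binds to IP with a short idle limit, mobile keeps the user agent check and a 15-day `app_timeout`) plus the session manager operations. `SessionStore`, `POLICIES`, the method names and the 30-minute web limit are assumptions made for illustration.

```ruby
require 'securerandom'
Session = Struct.new(:id, :uid, :type, :ip, :user_agent, :last_seen, keyword_init: true)

# Hypothetical in-memory store (added example, not the project's code).
class SessionStore
  # Thread only says web logs out "after x minutes"; 30 minutes is assumed here.
  POLICIES = {
    'web'    => { idle: 30 * 60,           bind_ip: true },
    'mobile' => { idle: 15 * 24 * 60 * 60, bind_ip: false } # app_timeout: 15 days
  }.freeze

  def initialize
    @sessions = {}
  end

  def login(uid:, ip:, user_agent:, now:, session_type: 'web')
    raise ArgumentError, 'unknown session_type' unless POLICIES.key?(session_type)
    s = Session.new(id: SecureRandom.hex(16), uid: uid, type: session_type,
                    ip: ip, user_agent: user_agent, last_seen: now)
    @sessions[s.id] = s
    s.id
  end

  # Returns :ok, or the reason the session was rejected (and destroyed).
  def validate(id, ip:, user_agent:, now:)
    s = @sessions[id] or return :unknown
    policy = POLICIES.fetch(s.type)
    reason = if now - s.last_seen > policy[:idle] then :expired
             elsif s.user_agent != user_agent then :user_agent_changed
             elsif policy[:bind_ip] && s.ip != ip then :ip_changed
             end
    if reason then @sessions.delete(id) else s.last_seen = now end
    reason || :ok
  end

  # Session manager: list, revoke one (owner only), revoke all but the current one.
  def list(uid)
    @sessions.values.select { |s| s.uid == uid }
  end

  def revoke(uid, id)
    return false unless @sessions[id]&.uid == uid
    @sessions.delete(id)
    true
  end

  def revoke_others(uid, keep:)
    list(uid).reject { |s| s.id == keep }.each { |s| @sessions.delete(s.id) }.size
  end
end
```

Times are plain seconds so the policy can be exercised without a clock; a rejected session is deleted, so a retry with the same id returns `:unknown`.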