Reputation: 3361
Scenario: I am creating an application which uses OAuth for authentication and I want to try and limit a user sharing their credentials with colleagues (we charge per seat). The only way I could think of this was to store the IP with the token (although I'm aware multiple users from a single client could be on the same IP).
Is there a standard way of doing this in OAuth?
Upvotes: 2
Views: 390
Reputation: 23496
Not via any feature specific to OAuth. A valid user that logs on from the office or from home will have a different IP address. How would you distinguish that from another user that has someone else's credentials?
The only way I see to make this work is to require two-factor authentication. It's much less likely your users will be prepared to share, for example, their phone to use your application.
Just make sure your application adds enough value that your users will want their own account and not share credentials.
Upvotes: 1
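The two objections raised in this thread (one person on several IPs, several people behind one IP) can be checked against a token-to-IP binding directly. The following is an added example, not code from either post; the tokens, names, addresses and the `person` ground-truth field are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    token: str   # bearer token presented with the request
    ip: str      # client IP as seen by the server
    person: str  # ground truth, known only in this constructed sample

# Constructed sample traffic using documentation IP ranges.
SAMPLE = [
    Request("tok-alice", "203.0.113.10", "alice"),  # office: token gets bound here
    Request("tok-alice", "198.51.100.7", "alice"),  # same person, now at home
    Request("tok-bob", "203.0.113.10", "bob"),      # office NAT
    Request("tok-bob", "203.0.113.10", "carol"),    # colleague reusing bob's login
]

def evaluate_ip_binding(requests):
    """Bind each token to the IP of its first use, flag later mismatches,
    and compare the flags with who actually sent each request."""
    bound_ip = {}  # token -> IP recorded at first use
    owner = {}     # token -> person who first used it (the seat holder)
    result = {"false_alarms": [], "missed_sharing": [], "caught_sharing": []}
    for r in requests:
        first_ip = bound_ip.setdefault(r.token, r.ip)
        is_owner = owner.setdefault(r.token, r.person) == r.person
        flagged = r.ip != first_ip
        if flagged and is_owner:
            result["false_alarms"].append(r)    # legitimate user blocked
        elif not flagged and not is_owner:
            result["missed_sharing"].append(r)  # sharing goes unnoticed
        elif flagged and not is_owner:
            result["caught_sharing"].append(r)
    return result

if __name__ == "__main__":
    for outcome, hits in evaluate_ip_binding(SAMPLE).items():
        print(outcome, [(h.person, h.ip) for h in hits])
```

On this sample the binding flags the seat holder working from home and misses the colleague behind the shared office address.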