When enabled, this feature should:
- Store user's verified jwt token and device info for whitelisting
Use case:
1. User logs in:
- If there any token assigned to this user with this device-info then token should be returned
- If there's not, further confirmation for this device is required.. (Send pin via email and verify??)
2. User sends request:
- Received token is not exist on user's whitelist -> Not authorized
- Received token exists but device info is different -> Not authorized, verification is pending..
- Received token exists and device info is same -> Authorized
3. User sends request with verification pin
- Device info and token should saved
When enabled, this feature should:
Use case:
1. User logs in:
- If there any token assigned to this user with this device-info then token should be returned
- If there's not, further confirmation for this device is required.. (Send pin via email and verify??)
2. User sends request:
- Received token is not exist on user's whitelist -> Not authorized
- Received token exists but device info is different -> Not authorized, verification is pending..
- Received token exists and device info is same -> Authorized
3. User sends request with verification pin
- Device info and token should saved