Device fingerprint is a unique identifier for a specific device the most common uses for it are fraud detection and user validation.
There is no clear way to get this unique identifier instead, we will try to generate a string out of some information collected from the user.
Fingerprinting can be on the client-side (browser) or on the backend, we will do the backend way because it doesn't limit us by the user device or the features enabled on it.
You can use a lot of parameters to generate this identifier, in my case I'm trying to detect if the user is trying to log in from a different device or browser to the same account, for this simple case I will use a combination of IP address, user agent and params(credentials + CSRF token)
You can add more parameters to this combination like cookies or other headers.
I used here md5 as a hashing algorithm to generate the fingerprint but you can use a different one.
const md5 = require('crypto-js/md5') const requestIp = require('request-ip'); const ip = requestIp.getClientIp(req); const useragent = req.headers['user-agent']; const params = request.body; const fingerprint = md5(ip + useragent + JSON.stringify(params)).toString();