Consider allowing `oneTimeTokenLogin()` to authenticate different devices

[marcusdacoregio]

One common requirement is to request a One-Time Token from your computer browser, open the magic link on your phone (where you are authenticated), and then the browser, instead of the phone, is logged in.

[marcusdacoregio]

This is similar to the device code flow in OAuth, but does not require OAuth