verify that a single developer app can have multiple oauth refresh tokens for the same user #5643
Comments
36 tasks
|
verified with google search console by going through the auth process twice and generating two different refresh tokens and both were simultaneously valid. This seems to be API-dependent though. I could see an instance where an API does not allow using multiple refresh tokens for the same user. I don't have an example of such an API. But it seems that this would be a bad pattern to have anyways in case a user could be signed in from multiple devices, then allowing only one active refresh token is probably a bad idea. Going to consider this done for now and revisit later if needed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tell us about the problem you're trying to solve
What are you trying to do, and why is it hard? A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you’d like
A clear and concise description of what you want to see happen, or the change you would like to see
Describe the alternative you’ve considered or used
A clear and concise description of any alternative solutions or features you've considered or are using today.
Additional context
Add any other context or screenshots about the feature request here.
Are you willing to submit a PR?
Remove this with your answer :-)
The text was updated successfully, but these errors were encountered: