Closed lloydmeta closed 10 years ago
As detailed in #37, we'd need to implement either:
All of these have security and implementation problems. I tried to implement the 3rd option a while ago but found the amount of work involved was not worth it for our use case.
The current situation is that users must re-authenticate if they switch devices.
Understood :+1:
I've noticed that the access_token changes on subsequent requests to authorize a client for a given user, which results in overwriting the old access_token.
From what I gather from this post, this is a result of a gap in the spec.
What is the recommended approach to handling a situation where we expect users to use the same client from multiple devices?
Thanks a lot in advance.