Currently, a new refresh token is given every time the user logs in.
The problem with this approach is if the same user logs in on the mobile app and then the web app, the refresh token stored in the mobile app will be invalid, and the user will have to log in again.
The fix is to issue a refresh token once per user, and in all subsequent logins, return the same refresh token from the database, ensuring that all logged-in clients can refresh tokens.
Currently, a new refresh token is given every time the user logs in.
The problem with this approach is if the same user logs in on the mobile app and then the web app, the refresh token stored in the mobile app will be invalid, and the user will have to log in again.
The fix is to issue a refresh token once per user, and in all subsequent logins, return the same refresh token from the database, ensuring that all logged-in clients can refresh tokens.