wagnerdelima / drf-social-oauth2

drf-social-oauth2 makes it easy to integrate Django social authentication with major OAuth2 providers, i.e., Facebook, Twitter, Google, etc.
https://drf-social-oauth2.readthedocs.io/en/latest/
MIT License

Competing Authentication Tokens when using multiple devices #197

Closed t16n closed 3 weeks ago

t16n commented 11 months ago

Describe the bug

When using Django Authentication currently with the /convert-token route across multiple devices, it's leading to an unexpected behavior of sharing authentication tokens. If one device revokes or refreshes the token, all other devices are put out of sync and cease to function properly.

To Reproduce

Steps to reproduce the behavior:

  1. Start the authentication process on one device.
  2. Use the same credentials to start the authentication process on another device.
  3. Notice that the same token is being shared across multiple devices.
  4. Refresh or revoke the token on one device.
  5. See that other devices are now out of sync and not working properly.

Expected behavior

When Django Authentication is used on multiple devices, each device should have its unique token, even if the existing token is still valid. Also, when a token is revoked or refreshed in one device, it should not affect the functionality in other devices.

Screenshots

[Screenshot 2023-08-03 at 11:04:14]

Additional context

A suggested fix could be that we should probably generate new tokens each time the create_token_response function is invoked. This should potentially ensure that every device has its own unique token, preventing overlap and reducing the risk of devices going out of sync.
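The following is an added, constructed model of the two issuance policies described in this report (it is not drf-social-oauth2 code and makes no claim about how the library implements create_token_response): a store that hands a still-valid token back to every device, beside one that issues a fresh token per /convert-token call, with a check that revoking on one device leaves the other device working. The names TokenStore, convert_token and devices_stay_in_sync are assumptions for this illustration.

```python
import secrets
import time


class TokenStore:
    """Constructed model of an access-token issuer (not the library's code).

    reuse_valid=True mirrors the behaviour reported in this issue: a second
    device logging in with the same credentials is handed the still-valid
    token the first device already holds. reuse_valid=False issues a fresh
    token on every call, which is what the suggested fix proposes.
    """

    def __init__(self, reuse_valid, ttl=3600):
        self.reuse_valid = reuse_valid
        self.ttl = ttl
        self.tokens = {}  # token -> (user, expiry timestamp)

    def _live_token_for(self, user, now):
        for token, (owner, expiry) in self.tokens.items():
            if owner == user and expiry > now:
                return token
        return None

    def convert_token(self, user, now=None):
        """Exchange a social login for an access token, like /convert-token."""
        now = time.time() if now is None else now
        if self.reuse_valid:
            existing = self._live_token_for(user, now)
            if existing is not None:
                return existing
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, now + self.ttl)
        return token

    def revoke(self, token):
        """Revocation removes only the token presented, whoever else holds it."""
        self.tokens.pop(token, None)

    def is_valid(self, token, now=None):
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        return entry is not None and entry[1] > now


def devices_stay_in_sync(reuse_valid):
    """True if device B still works after device A revokes its own token."""
    store = TokenStore(reuse_valid=reuse_valid)
    token_a = store.convert_token("alice", now=0)  # device A logs in
    token_b = store.convert_token("alice", now=1)  # device B, same credentials
    store.revoke(token_a)                           # device A logs out
    return store.is_valid(token_b, now=2)
```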

wagnerdelima commented 10 months ago

I believe I can work on this issue this month still.

wagnerdelima commented 3 weeks ago

@t16n I just published a release that solves this. Thanks for your investigation.