Question
I need to implement the following scenario:
Two or more devices need to be logged in at the same time with the same credentials.
One (or more) device consumes the refresh token in order to generate another token.
Other devices continue to be logged in. In other words, other devices must be able to use the same refresh token in order to generate another access token at some other time.
What actually happens is that the first device that uses the refresh token makes the refresh token invalid for other devices, so other devices cannot generate the access token again with the invalidated refresh token.
Answer 1:
We cannot use the same access token for different devices. Since one device refreshes the token, the others cannot use the existing access token. That is the correct behavior. I suggest using a scope for each device and using the same credentials. You can use the device ID as the scope; then it creates different access/refresh tokens for each device, and the devices can work with the same credentials but different access tokens.
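The behaviour in the question and the per-device scope from the answer, side by side, as an added example that is not part of the original question or answer. `ToyAuthServer`, its method names and the scope values are hypothetical; the model assumes a server that keeps one active token pair per (client, user, scope) and rotates the refresh token on use, and it does not model password checking.

```python
import secrets

class InvalidGrant(Exception):
    """Raised when a refresh token is unknown or was already rotated."""

class ToyAuthServer:
    """Simplified model (assumption): one active token pair per
    (client_id, user, scope); a refresh replaces that pair."""

    def __init__(self):
        self._by_key = {}      # (client_id, user, scope) -> (access, refresh)
        self._by_refresh = {}  # refresh token -> key

    def _issue(self, key):
        pair = (secrets.token_urlsafe(16), secrets.token_urlsafe(16))
        self._by_key[key] = pair           # replaces the previous pair
        self._by_refresh[pair[1]] = key
        return pair

    def password_grant(self, client_id, user, scope="default"):
        key = (client_id, user, scope)
        # A second login with the same key receives the existing pair.
        return self._by_key.get(key) or self._issue(key)

    def refresh_grant(self, refresh_token):
        key = self._by_refresh.pop(refresh_token, None)  # single use
        if key is None:
            raise InvalidGrant("refresh token is invalid or already used")
        return self._issue(key)

def second_device_can_refresh(scope_a, scope_b):
    """Log in two devices, refresh on the first, then try the second."""
    server = ToyAuthServer()
    _, refresh_a = server.password_grant("app", "alice", scope_a)
    _, refresh_b = server.password_grant("app", "alice", scope_b)
    server.refresh_grant(refresh_a)        # device A rotates its token
    try:
        server.refresh_grant(refresh_b)    # device B refreshes later
        return True
    except InvalidGrant:
        return False

if __name__ == "__main__":
    # Constructed scope values; a real deployment would use its own device IDs.
    print("shared scope:", second_device_can_refresh("default", "default"))
    print("per-device scope:", second_device_can_refresh("device_A1", "device_B2"))
```

Rotation still applies inside each device's scope, so a refresh token that has already been used is rejected for that device without affecting the others.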
Source: https://stackoverflow.com/questions/34852054/refresh-token-usage