API token invalidated when second client authenticates as same user


#1

I’m testing a mobile app that uses the Patreon API, and I’ve noticed that every time I go through the OAuth flow on a device, other tokens for that user are invalidated (requests return 401). This means that, if a user has connected Patreon on one device and later connects Patreon (using the same Patreon account) on a second device, the first device no longer has access, and they must go through the process again.

I attempted to use the refresh token on a second device to reauthenticate without bothering the user, but the API returned “invalid_grant”, perhaps indicating that the refresh token had also been invalidated.

Is this expected behavior? Is there a way to use Patreon’s OAuth implementation to allow users to switch between devices and not have to manually re-connect to Patreon every time?