I’m building an “Authorize with Patreon to get exclusives” feature.
I noticed that if a user authorises via OAuth in another browser session, they stop being authorised in the first one. E.g. they auth on their phone and stop being authed on their computer.
This seems to imply users can only have a single access code issued per client, and issuing a new one will replace the old one. Is that correct?
The problem is that this web shop doesn’t have user accounts. You always check out as a “guest”, as it were. So I can’t tie the access code to a server-side user account to make sure it’s reused between browser sessions.
Am I missing something? Is there any way to make this work without introducing server-side user accounts?