In the API we’re developing, the access tokens are unique. With that I mean

Question

0

Asked: May 22, 20262026-05-22T02:57:45+00:00 2026-05-22T02:57:45+00:00

In the API we’re developing, the access tokens are unique. With that I mean

0

In the API we’re developing, the access tokens are unique. With that I mean that there can only be one access token per application and user.

The consequence of this is that if a user authenticates the same third party desktop application on two computers, only the second will have a valid access token and the first will have to go through the authentication process again (the first access token will have been invalidated).

From a user experience perspective this is sub-optimal. From a security perspective it provides a minor benefit.

Curious to know how others have implemented access tokens in their APIs. One per user and app, or multiple?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T02:57:46+00:00

Editorial Team

2026-05-22T02:57:46+00:00Added an answer on May 22, 2026 at 2:57 am

The access tokens should be unique but the relationship between [user, app] and [token] should be one to many. Whereas in your case it is one to one. It has nothing to do with OAuth as a protocol but rather your implementation detail.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In the API we’re developing, the access tokens are unique. With that I mean

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply