Hey all!
Been trying to add Patreon integration to a webapp I’m building in order to reward patrons and could use some clarification on something
Tech / Env:
- Next.js (typescript)
- NextAuth
- prisma (postgres)
- NOT using patreon-js since that seems to only support v1 API
Repo / Setup:
A user (patron) visits my webapp on their desktop and signs in via Patreon’s OAuth2. Webapp receives auth tokens for that user (access_token, refresh_token, expires_in, etc.). Webapp stores those tokens in my DB so we can make API calls on their behalf. That part works fine and as expected.
That same user then opens up the webapp on their phone and signs in. Patreon, as expected, issues another set of auth tokens with the OAuth2 response. These DO NOT get stored in the DB since the already stored tokens are assumed to still be valid. When tested, the second (mobile sign-in) set of auth tokens works as expected but the first (desktop sign-in) set does not.
Question:
Is this expected behavior? I would imagine that both sets of auth tokens would work (as long as they haven’t expired, been manually revoked by the user, etc.), but I may misunderstand how OAuth2 tokens generally behave. Is only one set of auth tokens ever valid for a user per client? Is the “solution” just to always store and use the last set of auth tokens received?
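The following is an added example, not code from the original post and not Patreon's or NextAuth's own API. It models the behaviour the poster observed (a new sign-in supersedes the previously issued token set) with a constructed stand-in for the token endpoint, and contrasts the post's current "keep the first row" storage with the "always overwrite with the latest token set" strategy the poster proposes. The `FakeIssuer`, `TokenStore`, `onSignIn` and `getAccessToken` names, the one-valid-set-per-user rule, and the 3600-second lifetime are all assumptions made for the illustration; whether Patreon really invalidates earlier token sets is something only Patreon's documentation can confirm.

```typescript
// Added example (not from the original post). ASSUMPTION: each new token
// issuance for the same (client, user) invalidates the previous set, which
// is what the poster observed. Names and values here are made up.

interface TokenSet {
  access_token: string;
  refresh_token: string;
  expires_at: number; // unix seconds, computed from expires_in at issue time
}

// Constructed stand-in for the provider's token endpoint.
class FakeIssuer {
  private live = new Map<string, TokenSet>(); // providerUserId -> only valid set
  private counter = 0;

  issue(providerUserId: string, now: number, expiresIn = 3600): TokenSet {
    const n = ++this.counter;
    const set: TokenSet = { access_token: `at-${n}`, refresh_token: `rt-${n}`, expires_at: now + expiresIn };
    this.live.set(providerUserId, set); // supersedes whatever was live before
    return set;
  }

  isValidAccess(providerUserId: string, token: string, now: number): boolean {
    const set = this.live.get(providerUserId);
    return set !== undefined && set.access_token === token && now < set.expires_at;
  }

  // Refresh only succeeds with the currently live refresh_token (else "invalid_grant").
  refresh(providerUserId: string, refreshToken: string, now: number): TokenSet | null {
    const set = this.live.get(providerUserId);
    if (set === undefined || set.refresh_token !== refreshToken) return null;
    return this.issue(providerUserId, now);
  }
}

// In-memory stand-in for the Account table, keyed by provider account id.
class TokenStore {
  private rows = new Map<string, TokenSet>();
  get(id: string): TokenSet | undefined { return this.rows.get(id); }
  upsert(id: string, set: TokenSet): void { this.rows.set(id, set); } // overwrite, never "skip if present"
  delete(id: string): void { this.rows.delete(id); }
}

// OAuth callback: always persist the newest set, regardless of what is stored.
function onSignIn(store: TokenStore, id: string, fresh: TokenSet): void {
  store.upsert(id, fresh);
}

// Returns a usable access token, refreshing when stale; null means the user must sign in again.
function getAccessToken(store: TokenStore, issuer: FakeIssuer, id: string, now: number): string | null {
  const set = store.get(id);
  if (set === undefined) return null;
  if (now < set.expires_at - 60) return set.access_token; // 60 s safety margin
  const renewed = issuer.refresh(id, set.refresh_token, now);
  if (renewed === null) { store.delete(id); return null; } // stale row: force re-auth
  store.upsert(id, renewed);
  return renewed.access_token;
}

// Replays the desktop-then-mobile scenario from the post against both strategies.
function scenario() {
  const issuer = new FakeIssuer();
  const keepFirst = new TokenStore(); // post's current behaviour: second set not stored
  const keepLast = new TokenStore();  // proposed behaviour: overwrite on every sign-in
  const uid = "provider-user-1";
  let now = 1_700_000_000;

  const desktop = issuer.issue(uid, now);
  onSignIn(keepFirst, uid, desktop);
  onSignIn(keepLast, uid, desktop);

  now += 600;
  const mobile = issuer.issue(uid, now); // second sign-in supersedes the desktop set
  onSignIn(keepLast, uid, mobile);       // keepFirst deliberately not updated

  const desktopStillValid = issuer.isValidAccess(uid, desktop.access_token, now);
  const keptFirstWorks = issuer.isValidAccess(uid, keepFirst.get(uid)!.access_token, now);
  const keptLastWorks = issuer.isValidAccess(uid, keepLast.get(uid)!.access_token, now);

  now += 4000; // both access tokens are now past expires_at; exercise the refresh path
  const refreshedFirst = getAccessToken(keepFirst, issuer, uid, now); // superseded refresh_token
  const refreshedLast = getAccessToken(keepLast, issuer, uid, now);   // live refresh_token

  return { desktopStillValid, keptFirstWorks, keptLastWorks, refreshedFirst, refreshedLast };
}
```

With the stand-in issuer, the "keep first" store ends up holding a dead access token and a refresh token the provider no longer accepts, so its row has to be discarded and the user re-authenticated; the "store last" store keeps working through the refresh. Whatever the real provider's rule turns out to be, overwriting the stored set on every callback is safe in both cases, and treating a refresh failure as "drop the row and re-auth" avoids retrying a superseded token forever. Tokens persisted this way are bearer credentials, so keep them server-side and encrypted at rest.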