Using OAuth2 password grant with multiple devices #65

@ondrowan

This is mostly a question, so I'm sorry if it belongs on the mailing list.

Imagine a scenario with a single app registered with the password grant type. I'm using this app on 2 devices. I log in on device A and get an access token and a refresh token. Everything is peachy. I do the same on device B, and everything is still great. When I come back to device A and the access token expires, I can no longer use the refresh token, as it was overwritten when I got tokens on device B.

Is it possible to fix this somehow? I'd imagine having multiple refresh tokens could help in this scenario, but I guess that would also have negative security implications.
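The scenario described above, as an added example that is not part of the original issue or the project's own code: an in-memory model contrasting a store that keeps one refresh token per (user, client) with one that keeps one per login. The class names, `alice` and `mobile-app` are hypothetical.

```python
import secrets

# Hypothetical in-memory models; a real server would persist token hashes, not raw tokens.
class SingleSlotStore:
    """One refresh token per (user, client): a new login overwrites the old one."""
    def __init__(self):
        self._by_owner = {}                      # (user, client_id) -> refresh token

    def issue(self, user, client_id):
        token = secrets.token_urlsafe(32)
        self._by_owner[(user, client_id)] = token
        return token

    def refresh(self, user, client_id, token):
        current = self._by_owner.get((user, client_id))
        if current is None or not secrets.compare_digest(current, token):
            return None                          # overwritten or unknown: refused
        return self.issue(user, client_id)       # rotate on use


class PerGrantStore:
    """One refresh token per login; each can be rotated or revoked on its own."""
    def __init__(self):
        self._by_token = {}                      # refresh token -> (user, client_id)

    def issue(self, user, client_id):
        token = secrets.token_urlsafe(32)
        self._by_token[token] = (user, client_id)
        return token

    def refresh(self, user, client_id, token):
        if self._by_token.get(token) != (user, client_id):
            return None
        del self._by_token[token]                # rotate: old token is single-use
        return self.issue(user, client_id)

    def revoke(self, token):
        self._by_token.pop(token, None)          # ends one device's session only


def device_a_can_refresh(store):
    """Log in on device A, then on device B, then refresh from device A."""
    token_a = store.issue("alice", "mobile-app")
    store.issue("alice", "mobile-app")           # second login, on device B
    return store.refresh("alice", "mobile-app", token_a) is not None
```

With per-login tokens, rotation on each refresh and per-token revocation keep a stolen or retired device from affecting the others.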
