If a user re-authorizes an OAuth app, do the previous refresh tokens get invalidated?
The concern I have is the user inadvertently invalidating an OAuth configuration they have already configured in our application.
Our application is a multi-tenant application where some of our customers may have different accounts configured for any number of reasons. However, they may have a single Zoom account they’d like us to integrate with. If they were to link to their single Zoom account in one account in our system, and then login to their 2nd account with us and link it with the same zoom account, will the initial authorization/access/refresh tokens become invalid?
The challenge is, we don’t always know that a single user in our system may have configured multiple accounts, and reviewing the oauth flow, there is no way to know that we’ve linked to the same Zoom account twice, across different accounts in our system.
I just want to be sure that allowing a user to do this won’t get us into a state where the first account they link to Zoom via OAuth becomes unable to access Zoom’s API once they link the 2nd account.