We are experiencing an issue with how the refresh token works in our multi-tenant app, explained below.
We have multi-tenant support in our application, so a given user (with email A) can have accounts in both Tenant1 and Tenant2, which are totally isolated environments (with different login credentials). This means that if the user wants to connect our app to his Zoom account, he will repeat the OAuth flow twice, once for each tenant.
The problem here is that once he completes the OAuth flow on the second tenant, he gets a new refresh token, which invalidates the previous refresh token that was created for the first tenant (stored separately).
How can we get around this issue?
One possible fix would be to store the ZoomUserId beside the refresh token, and when a new refresh token is generated, we update all DB records for that ZoomUserId.
Does that make sense, or are there other alternatives?
Also, this wouldn’t be that easy if we end up storing different tenant info in different databases, which we eventually plan to do.
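A sketch of the idea proposed above, as an added example that is not part of the original post and not Zoom's code: rather than copying the refresh token into every tenant record, it keeps one token row per ZoomUserId in a store shared by all tenants and links each tenant account to it, so there is a single record to update. Table, function and sample names are assumptions, and in-memory SQLite stands in for whatever shared store is used.

```python
import sqlite3

# Assumed schema: one grant per Zoom user, many tenant accounts pointing at it.
# A real store would encrypt refresh_token at rest; plaintext keeps the sample short.
SCHEMA = """
CREATE TABLE zoom_grant (zoom_user_id TEXT PRIMARY KEY, refresh_token TEXT NOT NULL);
CREATE TABLE tenant_link (tenant_id TEXT, local_user TEXT, zoom_user_id TEXT NOT NULL,
                          PRIMARY KEY (tenant_id, local_user));
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def connect_tenant(db, tenant_id, local_user, zoom_user_id, refresh_token):
    """End of an OAuth flow: the newest token replaces the shared one for this Zoom user."""
    with db:
        db.execute("INSERT INTO zoom_grant VALUES (?, ?) ON CONFLICT(zoom_user_id) "
                   "DO UPDATE SET refresh_token = excluded.refresh_token",
                   (zoom_user_id, refresh_token))
        db.execute("INSERT OR REPLACE INTO tenant_link VALUES (?, ?, ?)",
                   (tenant_id, local_user, zoom_user_id))

def current_token(db, tenant_id, local_user):
    """Resolve a tenant account to the one live refresh token, or None if not linked."""
    row = db.execute("SELECT g.refresh_token FROM tenant_link l JOIN zoom_grant g "
                     "USING (zoom_user_id) WHERE l.tenant_id = ? AND l.local_user = ?",
                     (tenant_id, local_user)).fetchone()
    return row[0] if row else None

def rotate(db, zoom_user_id, used_token, new_token):
    """Compare-and-swap after a refresh call; False means the stored token already changed."""
    with db:
        cur = db.execute("UPDATE zoom_grant SET refresh_token = ? "
                         "WHERE zoom_user_id = ? AND refresh_token = ?",
                         (new_token, zoom_user_id, used_token))
    return cur.rowcount == 1

def disconnect_tenant(db, tenant_id, local_user):
    """Remove one tenant's link; drop the grant only when no tenant still uses it."""
    with db:
        db.execute("DELETE FROM tenant_link WHERE tenant_id = ? AND local_user = ?",
                   (tenant_id, local_user))
        db.execute("DELETE FROM zoom_grant WHERE zoom_user_id NOT IN "
                   "(SELECT zoom_user_id FROM tenant_link)")
```

The compare-and-swap in `rotate` keeps a worker holding a stale token from overwriting a newer one when two tenants act on the same Zoom user at the same time.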