[Help] Best practice for multiple browser/client connection?

[jasonm23]

I'm trying to find help/docs relevant to the following use case:

1. User logs into Django app and authenticates with OAuth provider, they will use Bearer token auth (via API calls on the Django App) Client A

2. If the user then logs into the Django app from another machine, they are given a new token, which will be associated with their account (via UserSocialAuth) Client B

The user is authenticating via Bearer token in a custom middleware using:

# Once I've retrieved the Bearer Token code from the request:
user_social_auth = UserSocialAuth.objects.get(extra_data__access_token=code)

This will fail for Client A but not Client B (due to UserSocialAuth for the user now holding the updated token)

I want both to continue to be authenticated.

I'm not sure if:

• I should modify the way I authenticate via Bearer Token.
• I should make multiple UserSocialAuth associations for each client connection.
• I should be requesting token verification directly from the OAuth provider, for every request, which seems like a bad idea.
• Something else?

FYI - The OAuth provider is a Django OAuth Toolkit based auth server. I use a custom backend so I'm concerned I might be going off track.

(note)

social-auth-app-django    5.4.0
social-auth-core          4.5.3