To my understanding, simultaneous login (on various devices) is not possible when one wants to rely solely on rotating refresh tokens in an SPA.
Example: If a user logs in on device A, an AT and RT are stored on the user's device (AT-A & RT-A). Now, if the same user logs in to another device B, getting a new AT and RT (AT-B & RT-B), the RT on device A (RT-A) becomes invalid. So refreshing AT-A on device A using RT-A should not work anymore, is that correct? Please correct me if I’m wrong and help me understand what’s going on in the background.
Does someone know what one should do in order to allow simultaneous login based on rotating refresh tokens?
I very much appreciate any help on this topic.
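
The device A / device B scenario from the question, as an added example that is not part of the original post. It assumes an authorization server that treats every login as its own refresh-token family and revokes only that family when a rotated token is replayed; the post does not say which server is in use, and `RefreshTokenStore` and `simulate` are hypothetical names.

```python
import secrets


class RefreshTokenStore:
    """Toy server-side store: one refresh-token family per login (assumed design)."""

    def __init__(self):
        self.tokens = {}               # refresh token -> {"family", "user", "used"}
        self.revoked_families = set()

    def _issue(self, user, family):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"family": family, "user": user, "used": False}
        return token

    def login(self, user):
        # Every login (device or browser) starts an independent family.
        return self._issue(user, secrets.token_hex(8))

    def refresh(self, token):
        rec = self.tokens.get(token)
        if rec is None or rec["family"] in self.revoked_families:
            return None
        if rec["used"]:
            # A rotated token was presented again: treat it as possible theft
            # and revoke this family only. Other logins keep working.
            self.revoked_families.add(rec["family"])
            return None
        rec["used"] = True             # rotation: the old token is now spent
        return self._issue(rec["user"], rec["family"])


def simulate():
    store = RefreshTokenStore()
    rt_a = store.login("alice")        # device A gets RT-A
    rt_b = store.login("alice")        # device B gets RT-B
    rt_a2 = store.refresh(rt_a)        # A refreshes after B's login
    rt_b2 = store.refresh(rt_b)
    replay = store.refresh(rt_a)       # spent RT-A presented a second time
    return {
        "device_a_refresh_ok": rt_a2 is not None,
        "device_b_refresh_ok": rt_b2 is not None,
        "replay_rejected": replay is None,
        "family_a_revoked": store.refresh(rt_a2) is None,
        "device_b_unaffected": store.refresh(rt_b2) is not None,
    }


if __name__ == "__main__":
    print(simulate())
```

Under this assumed design, RT-A is invalidated by its own rotation or by a replay inside family A, not by the login on device B.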