We noticed when a user logs into Constant Contact using the same OAuth app a 2nd time the 1st authentications refresh token becomes invalid and we begin receiving "unknown, invalid, or expired refresh token" when attempting to refresh it.
For context our users authenticate their Constant Contact account against a single form and could potentially have multiple forms that they want to integrate but we don't want to tie them to creating a single authentication in case they want to use a different Constant Contact login. The issue is we have no way to tell if they've already created an authentication with a given Constant Contact login since all we have is an access token.
Is this behavior expected? If so is there a way we could solve for this using a single OAuth app?
Currently our oAuth is designed to only connect from one application to one Constant Contact account at a time. So what you are experiencing is by design. Your request/scenario has come up before and we are looking in to other options; however at this time we do not have one available.
Can you please provide more details for the use case as to why a single Constant Contact account would need to connect to more than one application/form? The more details/use cases we have the better we can work toward a solution.