I maintain a plugin (driver) for interfacing with the Ecobee servers for the Indigo Home Automation system (https://www.indigodomo.com). We have many users using the plugin, with no problems. Except for one...
This particular user is the only one (that I know of), that has two separate instances of the Indigo system, at two different locations, both using the same Ecobee account. So there's two "clients", both installing the same "app", using the same credentials. The plugin uses the PIN based authentication method.
He randomly looses authentication at one location or the other. When that happens, it's usually with an invalid_request return code. We've been digging into this for a while, and it appears that both installations are getting the same access_token and refresh_token, and then one of them does a token refresh, gets a new refresh_token, and the old token doesn't work at the other location.
So my question is, is multiple instances of the same "app" with the same user account supported? Or is the server not differentiating between the two and providing the same credentials to both clients?
