TrueLayer holds a single certificate with Starling, so each time one of the applications tries to refresh its TrueLayer token, the bank token that we store is then refreshed.
Let's say there are two apps, A and B, that use TrueLayer to connect their users.
- User Mary connects her Starling account using TrueLayer to app A;
- User Mary then decides to connect the same Starling account to app B, using TrueLayer;
- App A loses access to this user's Starling account.
What to do next?
- Short-term solution: User Mary can re-authenticate using app A (although this will revoke her access to app B);
- Long-term solution: Get your own certificates with the bank and mitigate the issues.
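
The scenario above and the effect of the long-term fix, as a simplified model added here (not TrueLayer or Starling code). It assumes the bank keeps one active token per certificate and customer pair; the class names, function names and certificate labels are hypothetical.

```python
import secrets


class Bank:
    """Assumed model: one active token per (certificate, customer) pair."""

    def __init__(self):
        self._active = {}  # (cert_id, customer) -> currently valid token

    def authorise(self, cert_id, customer):
        # Issuing a new token replaces, and so invalidates, the previous one
        # held for the same certificate and customer.
        token = secrets.token_hex(8)
        self._active[(cert_id, customer)] = token
        return token

    def is_valid(self, cert_id, customer, token):
        return self._active.get((cert_id, customer)) == token


class App:
    """An app that connects users through a given certificate."""

    def __init__(self, name, cert_id, bank):
        self.name, self.cert_id, self.bank = name, cert_id, bank
        self.tokens = {}  # customer -> token this app was given

    def connect(self, customer):
        self.tokens[customer] = self.bank.authorise(self.cert_id, customer)

    def has_access(self, customer):
        token = self.tokens.get(customer)
        return token is not None and self.bank.is_valid(self.cert_id, customer, token)


def scenario(cert_a, cert_b):
    """Replay the steps from the page; return (A, B) access after each step."""
    bank = Bank()
    app_a, app_b = App("A", cert_a, bank), App("B", cert_b, bank)
    steps = []
    for app in (app_a, app_b, app_a):  # A connects, B connects, A re-authenticates
        app.connect("mary")
        steps.append((app_a.has_access("mary"), app_b.has_access("mary")))
    return steps


if __name__ == "__main__":
    print("shared certificate:", scenario("truelayer-cert", "truelayer-cert"))
    print("own certificates:  ", scenario("app-a-cert", "app-b-cert"))
```

With a shared certificate only the most recently connected app keeps access; with separate certificates both apps keep access after every step.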