Because TrueLayer holds a single certificate with each of Monzo (oAuth/Challenger banks only) and Starling and so each time one of the applications tries to refresh their TrueLayer token, the bank token that we store is then refreshed.
Let's say there are two apps, A and B that use TrueLayer to connect their users.
- User Mary connects her Monzo account using TrueLayer to app A;
- User Mary then decides to connect the same Monzo account to app B, using TrueLayer.
- App A loses access to this user's Monzo account.
What to do next?