TrueLayer holds a single certificate with AIB, so each time a user tries to log in with another application, their TrueLayer token is refreshed. The user's bank token that we store is then refreshed, disconnecting the first app.
Let's say there are two apps, A and B, that use TrueLayer to connect their users.
- User Mary connects her AIB account using TrueLayer to app A;
- User Mary then decides to connect the same AIB account to app B using TrueLayer;
- App A loses access to this user's AIB account.
What to do next?
- Short-term solution: User Mary can re-authenticate using app A (although this will revoke her access to app B);
- Long-term solution: Get your own certificates with the bank and mitigate the issues.