This repository has been archived by the owner on May 31, 2022. It is now read-only.

Same user, same scope, same client_id should only get one valid AccessToken and one valid refreshToken, shouldn't it? #1802

Open
mzzsfy opened this issue Nov 8, 2019 · 0 comments

Comments

@mzzsfy

mzzsfy commented Nov 8, 2019

Summary

The same user on the same device has multiple valid access tokens.

My English is not very good, please understand.

Version

Any version

Sample

// I put it at org.springframework.security.oauth2.provider.token.AbstractDefaultTokenServicesTests#reLoginAfterAccessTokenExpiration
// All subclasses fail this test

// Imports the method needs when added to that test class
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.util.Collections;

import org.junit.Test;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;

@Test
public void reLoginAfterAccessTokenExpiration() throws InterruptedException {
	getTokenServices().setAccessTokenValiditySeconds(2);
	getTokenServices().setRefreshTokenValiditySeconds(10);
	OAuth2Authentication authentication = createAuthentication();
	// First login: issues an access token together with a refresh token
	OAuth2AccessToken firstAccessToken = getTokenServices().createAccessToken(authentication);
	Thread.sleep(3000); // wait past the 2 s access token validity

	assertTrue(firstAccessToken.isExpired());
	OAuth2AccessToken readFirstAccessToken = getTokenServices().getAccessToken(authentication);
	assertTrue(readFirstAccessToken == null || readFirstAccessToken.isExpired());

	// Second login for the same user / client / scope after the first token expired
	OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(authentication);

	OAuth2Request oAuth2Request = authentication.getOAuth2Request();
	TokenRequest tokenRequest = new TokenRequest(
			Collections.singletonMap("client_id", oAuth2Request.getClientId()),
			oAuth2Request.getClientId(), oAuth2Request.getScope(), oAuth2Request.getGrantType());
	// Refreshing with the second (current) refresh token is expected to succeed
	getTokenServices().refreshAccessToken(secondAccessToken.getRefreshToken().getValue(), tokenRequest);

	InvalidGrantException ex = null;
	try {
		OAuth2AccessToken oAuth2AccessToken = getTokenServices().refreshAccessToken(
				firstAccessToken.getRefreshToken().getValue(), tokenRequest);
		if (oAuth2AccessToken == null || oAuth2AccessToken.isExpired()) {
			// the first refresh token yielding no token or only an expired one also counts as acceptable
			ex = new InvalidGrantException("Successful");
		}
	} catch (InvalidGrantException e) {
		// the first refresh token should fail
		ex = e;
	}
	assertNotNull(ex);
}

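As an added example that is not from this issue or from spring-security-oauth, a small in-memory token service in Python modelling the behaviour the title asks for: one current token pair per (user, client_id, scope), the old refresh token revoked when an expired access token is replaced, and refresh tokens rotated on use. `replay_issue_scenario()` runs the reporter's test on a fake clock (access TTL 2 s, refresh TTL 10 s) and returns True when the superseded refresh token is rejected; all class and function names and the sample user/client values are assumptions.

```python
import secrets
from collections import namedtuple
# One issued pair; key is (user, client_id, frozenset(scope)), the triple from the issue's title.
TokenPair = namedtuple("TokenPair", "key access_token refresh_token access_exp refresh_exp")
class InvalidGrantError(Exception): pass  # stands in for Spring's InvalidGrantException

class TokenService:
    def __init__(self, access_ttl, refresh_ttl, clock):  # clock: () -> seconds, injectable
        self.access_ttl, self.refresh_ttl, self.clock = access_ttl, refresh_ttl, clock
        self._by_key, self._by_refresh = {}, {}  # auth key -> current pair; refresh value -> pair

    def _issue(self, key):
        now = self.clock()
        pair = TokenPair(key, secrets.token_urlsafe(24), secrets.token_urlsafe(24),
                         now + self.access_ttl, now + self.refresh_ttl)
        self._by_key[key] = self._by_refresh[pair.refresh_token] = pair
        return pair

    def _revoke(self, pair):
        self._by_key.pop(pair.key, None)
        self._by_refresh.pop(pair.refresh_token, None)

    def create_access_token(self, user, client_id, scope):
        key = (user, client_id, frozenset(scope))
        existing = self._by_key.get(key)
        if existing is not None:
            if self.clock() < existing.access_exp:
                return existing      # still valid: hand back the same pair
            self._revoke(existing)   # expired: drop the pair AND its refresh token
        return self._issue(key)

    def refresh_access_token(self, refresh_token):
        pair = self._by_refresh.get(refresh_token)
        if pair is None or self.clock() >= pair.refresh_exp:
            raise InvalidGrantError("refresh token unknown, revoked or expired")
        self._revoke(pair)           # rotate: a refresh token is single-use
        return self._issue(pair.key)

def replay_issue_scenario():
    # Constructed sample user/client; the clock list lets the scenario advance time by hand.
    clock = [0.0]
    svc = TokenService(2, 10, lambda: clock[0])
    first = svc.create_access_token("alice", "client-1", {"read"})
    clock[0] += 3                    # first access token (TTL 2 s) has expired
    second = svc.create_access_token("alice", "client-1", {"read"})
    svc.refresh_access_token(second.refresh_token)
    try:
        svc.refresh_access_token(first.refresh_token)
    except InvalidGrantError:
        return first.refresh_token != second.refresh_token
    return False
```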