SimplyE 2.0 / SIMPLY-2353

Race condition allows the creation of multiple Overdrive OAuth tokens


    • S22 SIMPLY Oct 16 - Oct 30

      I've seen cases where a patron ends up with two or more Overdrive OAuth access tokens. This is quite bad because we assume that a patron only has one such token at any given time. If a patron ends up with two tokens, they can no longer do anything that interacts with the Overdrive API (possibly including loan sync); they get an unhandled circulation manager exception: "Multiple rows were found for one()".

      In most cases where this happens we institute a uniqueness requirement on the database table. That might not be possible in this case – we keep all sorts of other credentials in this database table and it might be legitimate for a patron to have two or more of some other type of credential. In that case it might be best to say that if there are two or more Overdrive OAuth access tokens, we should regard them as interchangeable.

      We have a reaper which removes credentials that expired more than a day ago, which means that a patron with this problem will not be locked out permanently. However, for the NYPL and Brooklyn circulation managers, the reaper script doesn't run – a specific instance of our general problem of keeping our crontabs up to date. So once this happens to an NYPL or Brooklyn patron, they'll never recover.

      As a stopgap measure, I've manually removed all expired Overdrive OAuth credentials from the NYPL and Brooklyn circulation managers.
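The following is an added illustration of the failure mode and the two remedies the report discusses; it is not code from the circulation manager or from the issue's author. It uses an in-memory SQLite table standing in for the shared credentials table, with constructed rows and hypothetical type labels (`OVERDRIVE_OAUTH`, `BARCODE`). `strict_lookup` reproduces the "exactly one row" lookup that breaks once the race has left two tokens behind, `tolerant_lookup` treats duplicates as interchangeable by taking any unexpired token, and `reap_expired` models the reaper's one-day grace period, including the fact that reaping alone does not help until both live tokens have aged out.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed fixtures for this example (not data from the issue).
OVERDRIVE_OAUTH = "OverDrive OAuth Access Token"   # hypothetical credential type label
BARCODE = "Library Barcode"                        # hypothetical second type that may legitimately repeat
NOW = datetime(2020, 10, 20, 12, 0, 0)
LATER = NOW + timedelta(days=4)


class MultipleRowsFound(Exception):
    """Stands in for the ORM error quoted in the issue: 'Multiple rows were found for one()'."""


def make_db():
    """In-memory stand-in for the shared credentials table (all credential types in one table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE credentials ("
        " id INTEGER PRIMARY KEY, patron_id INTEGER NOT NULL, type TEXT NOT NULL,"
        " credential TEXT NOT NULL, expires TEXT NOT NULL)"
    )
    return conn


def seed_race_outcome(conn):
    """Insert the state the race leaves behind: patron 1 holds two live OverDrive tokens
    plus a stale one; patron 2 is healthy. The two barcode rows show why a table-wide
    UNIQUE(patron_id, type) constraint would be wrong for this table."""
    rows = [
        (1, OVERDRIVE_OAUTH, "tok-a", NOW + timedelta(hours=1)),
        (1, OVERDRIVE_OAUTH, "tok-b", NOW + timedelta(hours=2)),
        (1, OVERDRIVE_OAUTH, "tok-old", NOW - timedelta(days=3)),
        (1, BARCODE, "23333000000001", NOW + timedelta(days=3650)),
        (1, BARCODE, "23333000000002", NOW + timedelta(days=3650)),
        (2, OVERDRIVE_OAUTH, "tok-c", NOW + timedelta(hours=1)),
    ]
    conn.executemany(
        "INSERT INTO credentials (patron_id, type, credential, expires) VALUES (?, ?, ?, ?)",
        [(p, t, c, e.isoformat()) for p, t, c, e in rows],
    )
    conn.commit()


def strict_lookup(conn, patron_id):
    """The failing pattern: fetch the patron's OverDrive token and demand exactly one row,
    expired or not (expiry is checked afterwards, which is why the reaper matters)."""
    rows = conn.execute(
        "SELECT credential FROM credentials WHERE patron_id = ? AND type = ?",
        (patron_id, OVERDRIVE_OAUTH),
    ).fetchall()
    if not rows:
        return None
    if len(rows) > 1:
        raise MultipleRowsFound("Multiple rows were found for one()")
    return rows[0][0]


def tolerant_lookup(conn, patron_id, now=NOW):
    """The suggested alternative: duplicates are interchangeable, so take any unexpired
    token, preferring the one that lives longest."""
    row = conn.execute(
        "SELECT credential FROM credentials"
        " WHERE patron_id = ? AND type = ? AND expires > ?"
        " ORDER BY expires DESC LIMIT 1",
        (patron_id, OVERDRIVE_OAUTH, now.isoformat()),
    ).fetchone()
    return row[0] if row else None


def reap_expired(conn, now=NOW, grace=timedelta(days=1)):
    """The reaper: delete credentials that expired more than `grace` ago. Returns rows removed."""
    cur = conn.execute(
        "DELETE FROM credentials WHERE expires < ?", ((now - grace).isoformat(),)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    seed_race_outcome(db)
    try:
        strict_lookup(db, 1)
    except MultipleRowsFound as exc:
        print("patron 1, strict lookup:", exc)
    print("patron 1, tolerant lookup:", tolerant_lookup(db, 1))
    print("reaped now:", reap_expired(db), "row(s); strict lookup still fails until the live tokens age out")
    print("reaped four days later:", reap_expired(db, LATER), "row(s)")
    print("patron 1 after reaping:", strict_lookup(db, 1))
```

Two practitioner notes on the design. First, the tolerant lookup filters on expiry in the query, so a stale duplicate never blocks a live one even when the reaper is not running. Second, if a database-level guard is still wanted, most engines can express uniqueness for just this credential type (for example a partial unique index on `(patron_id, type)` restricted to the OverDrive row type), which avoids constraining the other credential types that share the table; the inserting code then has to handle the losing side of the race, which this example does not show.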

            leonardrichardson Leonard Richardson [X] (Inactive)