
Single SMART_KEY breaks authorization of several users on server-side

Open art1c0 opened this issue 1 year ago • 0 comments

I think this is related to https://github.com/smart-on-fhir/client-js/issues/112 but is probably a slightly different use case. I am solely talking about the server-side implementation, and I have implemented Redis as a custom storage.

Imagine User_A tries to authorize, and SMART_KEY is set to Key_A. Before User_A has finished, User_B also tries to authorize, so SMART_KEY is cleared and set to Key_B. Then User_A completes and returns to the 'ready' endpoint - but the system cannot find their SMART_KEY anymore - so authorization fails. Even worse, SMART_KEY is also set back to Key_A, so when User_B also completes, the system cannot find their key either, as it has been set back to Key_A.

I guess using a single key is a real bottleneck and causes issues like this; any ideas on how to overcome it?

I was thinking of some workaround with a custom storage implementation, but the real problem, which prevents it from being solved at the storage level, is that the system looks up 'SMART_KEY' by key, not by its value as a key.

The existing implementation only allows a single user to be authorized at a time, which does not scale. We cannot guarantee that users will always authorize one after another; such an overlap may happen at any time. This solution is probably good enough for the front-end, but on the back-end we need to overcome this limitation somehow. Please suggest.

art1c0 avatar Mar 25 '23 05:03 art1c0
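The overwrite described in the issue, as an added simulation that is not client-js code and does not model the library's later reset to Key_A: a storage adapter shared by every request loses User_A's key when User_B starts, while an adapter that prefixes every key with the caller's session id (the get/set/unset adapter shape and the session ids are assumptions) keeps both users' keys apart.

```javascript
// Added simulation of the overwrite described in the issue; not client-js code.
// Assumed storage adapter shape: { get(key), set(key, value), unset(key) }.
const SMART_KEY = "SMART_KEY";

// One map shared by every user's requests: the setup the issue describes.
function makeSharedStorage(map) {
  return {
    get: (k) => map.get(k),
    set: (k, v) => { map.set(k, v); },
    unset: (k) => map.delete(k),
  };
}

// Same backing map, but every key is prefixed with the caller's session id,
// so each user's SMART_KEY and pending state live under their own names.
function makeScopedStorage(map, sessionId) {
  const ns = (k) => `${sessionId}:${k}`;
  return {
    get: (k) => map.get(ns(k)),
    set: (k, v) => { map.set(ns(k), v); },
    unset: (k) => map.delete(ns(k)),
  };
}

// Simplified model of the flow: authorize stores the pending state under a
// per-attempt key and records that key under SMART_KEY; ready gets the key back
// (the OAuth state parameter) and accepts it only if SMART_KEY still points to it.
function authorize(storage, stateKey, user) {
  storage.set(stateKey, { user });
  storage.set(SMART_KEY, stateKey);
  return stateKey;
}
function ready(storage, returnedState) {
  if (storage.get(SMART_KEY) !== returnedState) return undefined; // key "lost"
  const user = storage.get(returnedState).user;
  storage.unset(returnedState);
  storage.unset(SMART_KEY);
  return user;
}

// The interleaving from the issue: A starts, B starts, A completes, B completes.
function runInterleaved(storageFor) {
  const a = storageFor("session-A"), b = storageFor("session-B");
  const keyA = authorize(a, "Key_A", "User_A");
  const keyB = authorize(b, "Key_B", "User_B");
  return { a: ready(a, keyA), b: ready(b, keyB) };
}

const shared = new Map(), scoped = new Map();
console.log(runInterleaved(() => makeSharedStorage(shared)));          // { a: undefined, b: 'User_B' }
console.log(runInterleaved((sid) => makeScopedStorage(scoped, sid))); // { a: 'User_A', b: 'User_B' }
```

The scoped adapter only needs the session id at construction time, so one instance per request (rather than one per process) is enough to give each user their own SMART_KEY without changing how the library looks it up.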