Why do I get the same account_id and refresh_token for different users?

Explaining the Cronofy calendar service account linking model

By default when a user authorizes multiple calendar service accounts with your application the Cronofy API links those service accounts under one Cronofy account. This makes sense in production but can create some, on the face of it, odd behaviour in development.

This works by dropping a Cronofy cookie in the browser of the authorizing user so we can recognise when they return and login to additional calendar service accounts. 

You can observe this behaviour by making a call to the /v1/account end point before and after authorizing a new calendar service. You'll see that the account_id  value remains the same.

To avoid this behaviour and generate a new Cronofy account for a new calendar service authorization. You have two options.

Clear cookies

Whilst in development, if you clear the cookies associated with app.cronofy.com before you authorize a new calendar service, this will cause a new account to be created.

Use the avoid_linking parameter

When requesting authorization to a user's calendar service account, you can pass avoid_linking=true as a query string parameter. This will force any cookies present to be ignored and a new account created. More information in the Request Authorization docs.

Once an calendar service account is linked under a Cronofy account neither of these options will remove that link. If you have calendar service accounts you'd like split just contact us with the email addresses associated with the calendar accounts and we can break the link for you.