We are still occasionally getting users with duplicate Library Bundle authorizations for reasons that aren't immediately obvious. It's only happening rarely, so this isn't a bug that's commonly encountered.

Notes from @jsn.sherman on Slack:

I spent some time investigating and it looks like the auths were all created the same day the account was registered. The errors were all encountered during subsequent cron runs, but not during that initial my_library page load. That makes me think that we had a race condition where the duplicate auths weren't commited until after that first my library view rendered.

the ids for those auths are sequential, so the problem almost certainly happened in that initial bundle auth creation.

I suspect the issue might happen in the terms view after initial login.
When we create an editor during oauth, we call update_from_wikipedia, which saves the editor and then creates a bundle auth if it doesn't exist already.
https://github.com/WikipediaLibrary/TWLight/blob/08e55e83409066df1b0ef09dec014c5fbef9103f/TWLight/users/oauth.py#L151
In the terms view, we use the request.user object (which I think is cacheable) and then also save the editor and then create a bundle auth if it doesn't exist already.
https://github.com/WikipediaLibrary/TWLight/blob/08e55e83409066df1b0ef09dec014c5fbef9103f/TWLight/users/views.py#L681
the fix might be as simple as refresh_from_db call, or maybe referencing the editor object from the user profile (self) object instead of the request.user object.