
Suppose we have 3 Relying Parties with 1 OpenID Provider (= Identity Provider). If a user wants to sign in to the first application, he will be redirected to the Identity Provider (via the Authorization Code Flow) and the first application will have, at the end of the flow, an ID token and an access token.

If the user, 10 minutes later, wants to sign in to the second Relying Party, he will automatically be redirected to the IDP (via the Authorization Code Flow) and the IDP will recognize the user by the cookie. So the IDP will not ask the user to authenticate, and at the end of the flow the second Relying Party will have an ID Token & access token.

My question: can you confirm that the ID Token & Access Token of the second Relying Party will be different from the ID Token & Access Token of the first Relying Party?

1 Answer


Yes, they should be different.

In ID tokens the aud claim should contain the Relying Party app for which the token is intended.

In the access token there is usually something like a client_id claim, so the Relying Party can identify which client this token was issued to - although this isn't guaranteed.

See the JWT spec for details of OpenID Connect JWT tokens.