I have two identity providers (Apple and Google) configured.
After I could obtain an auth code using one of them (starting flow via https://xyz.oktapreview.com/oauth2/v1/authorize?idp=12345…) I automatically get a new auth code when opening the corresponding URL for the other idp (e.g. https://xyz.oktapreview.com/oauth2/v1/authorize?idp=7890…). This auth code contains all user details of the first idp – but I started the auth flow for the second idp.
Why is that? How do I disable that?
I could observe that closing the session has no effect on this behaviour. However, deleting all browser data did have an effect, i.e. when opening the 2nd url I then actually see the login page instead of just being redirected back instantly.