B2C User Flow API Connector Bug with Multiple IDPs
I have a very unusual issue that occurred in our B2C API connector call.
We have 2 applications registered in our B2C tenancy. Each has a different federated identity provider. They also have different 'sign up sign in' user flows, and each has its own API connector call before the token is issued.
I believe what happened is that a user signed up to one application, then signed up to the other. The first one went through fine; when the second API connector was called, the following message was recorded by the API connector:
{"step":"PreTokenIssuance","client_id":"<clientID>","ui_locales":"en","objectId":"<OID for the user created by the first flow>","displayName":"<name from the second flow IDP>","givenName":"<given name from the second flow IDP>",
"identities":[
{"signInType":"federated","issuer":"<second flow issuer>","issuerAssignedId":"<second flow issuer assigned ID>"},
{"signInType":"federated","issuer":"<first flow issuer>","issuerAssignedId":"<second flow issuer assigned ID>"}
]}
(In the example above, the second "signInType" is not a typo, it shows the first flow issuer with the second flow issuer assigned ID.)
So even though the user signed up using the second flow IDP, identity seems to have picked up that a user already existed for the B2C tenancy from the first flow and tried to use it for the second application.
To me this looks like a bug, if nothing else the second identity in the API connector call is clearly incorrect.
On completion of the second signup, identity should have either updated the existing user with the new identity details or created a new tenancy user (which would have been better).
Any suggestions or insights around this issue would be very much appreciated.
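As an added example (not part of the post, and not Microsoft's code), the following shows how the API connector on the receiving end can detect the inconsistency the post describes before the token is issued: the same issuerAssignedId bound to two different issuers, or an issuer on the account that is not the one registered for the calling application. The request fields are taken from the payload quoted above; the sample payload, client IDs, issuer URLs and the client-to-issuer map are constructed placeholders, and the response shape ("version"/"action"/"ShowBlockPage") is the API connector contract as this example assumes it, so check it against the current B2C documentation.

```python
"""Added example: consistency check inside a PreTokenIssuance API connector."""
import json
from collections import defaultdict

# Constructed assumption: which federated issuer each registered app uses.
# The post says each application has its own IDP; these values are placeholders.
EXPECTED_ISSUER_BY_CLIENT = {
    "app-one-client-id": "https://first-flow-issuer.example",
    "app-two-client-id": "https://second-flow-issuer.example",
}

# Constructed request body, shaped like the one quoted in the post.
SAMPLE_PAYLOAD = {
    "step": "PreTokenIssuance",
    "client_id": "app-two-client-id",
    "ui_locales": "en",
    "objectId": "11111111-2222-3333-4444-555555555555",
    "displayName": "Second Flow Name",
    "givenName": "Second",
    "identities": [
        {"signInType": "federated",
         "issuer": "https://second-flow-issuer.example",
         "issuerAssignedId": "second-flow-assigned-id"},
        {"signInType": "federated",
         "issuer": "https://first-flow-issuer.example",
         "issuerAssignedId": "second-flow-assigned-id"},
    ],
}


def find_identity_conflicts(identities):
    """Return issuerAssignedIds that appear under more than one issuer.

    One external subject identifier bound to two different issuers is the
    anomaly in the post: an account cannot legitimately hold it for both.
    """
    issuers_by_id = defaultdict(set)
    for ident in identities:
        if ident.get("signInType") != "federated":
            continue
        issuers_by_id[ident.get("issuerAssignedId")].add(ident.get("issuer"))
    return sorted(aid for aid, issuers in issuers_by_id.items() if len(issuers) > 1)


def find_unexpected_issuers(client_id, identities):
    """Return federated issuers on the account other than the one expected for this app."""
    expected = EXPECTED_ISSUER_BY_CLIENT.get(client_id)
    if expected is None:
        return []  # unknown app: no policy to enforce here
    return sorted({i["issuer"] for i in identities
                   if i.get("signInType") == "federated" and i.get("issuer") != expected})


def build_connector_response(payload):
    """Decide the API connector response for a PreTokenIssuance request.

    Response shape (version/action/userMessage) is an assumption about the
    B2C API connector contract; verify it against the current documentation.
    """
    if payload.get("step") != "PreTokenIssuance":
        return {"version": "1.0.0", "action": "Continue"}
    identities = payload.get("identities", [])
    conflicts = find_identity_conflicts(identities)
    foreign = find_unexpected_issuers(payload.get("client_id"), identities)
    if conflicts or foreign:
        # Record enough to investigate the account without dumping every claim.
        print(json.dumps({"event": "identity_consistency_block",
                          "objectId": payload.get("objectId"),
                          "client_id": payload.get("client_id"),
                          "conflicting_assigned_ids": conflicts,
                          "unexpected_issuers": foreign}))
        return {"version": "1.0.0", "action": "ShowBlockPage",
                "userMessage": "Your account could not be verified. Please contact support."}
    return {"version": "1.0.0", "action": "Continue"}


if __name__ == "__main__":
    print(json.dumps(build_connector_response(SAMPLE_PAYLOAD), indent=2))
```

Run against the constructed payload, the connector blocks token issuance and logs the objectId and the conflicting assigned ID, which gives the tenant administrator a concrete record to raise with support instead of an already-issued token carrying a wrong identity.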