Yes, thank you for your detailed and clear description of what you are trying, the results you are seeing.
What you describe is the expected behavior with 3-legged OAuth tokens.
If you need to have “parallel” tokens, then you need to go through steps 1 & 2 multiple times, obtaining distinct authorization codes. Then each distinct access token, or one of its “children” (generated via step 3) will be valid.