Ah interesting! I’ll make a statement and then immediately challenge it :)
There are no additional considerations for repeated ICG flows because it will always end with a call to the token endpoint, where the client must send the code verifier to be checked by the AS. If another ICG is required, the client should apply a new code challenge (and state, etc.) on the next redirect.
However… is that true? Since the client receives a new ticket on its claims_redirect_uri it _could_ immediately send the RqP back for another round of claims gathering before it calls the /token endpoint.
This is the only statement in UMA Grant (that I could find) that addresses _when_ the client will initiate ICG:
"The client might have initiated redirection immediately on receiving an initial permission ticket from the resource server, or, for example, in response to receiving a redirect_user hint in a need_info error (see Section 3.3.6)." [1]