Client experimented with an extra device Id param, and it seems that they could sign in multiple devices (generate several usable tokens) with the same account.
Could you please confirm this is the way to operate with multiple instances under the same account?
No this is not possible. Each time the application generates a token using the password grant, the previous token is invalidated. Which means, then when the previously issued access token expires and the application tried to renew it using refresh grant, that request will fail and the application will have to use password grant again.
Only one valid set of tokens is supported. If the requirement is to run multiple instances, the application should have one session manager which is responsible for getting and renewing access and refresh tokens, and share the access token with other instances.
Other option is to keep using password grant in every application instance, knowing that token renewal will not work.