Tags: oauth-2.0, openid-connect, access-token

OIDC - Identifying the Resource Server


I'm implementing an OIDC server that can be used by multiple clients, and there are multiple resource servers involved.

In the authorize endpoint, we get only the clientId. As per the RFC, we do not get any information about the Resource Server in the authorize endpoint. How do I know for which resource server I'm returning the ID token and access token?

Should I have a unique ClientId that is always mapped to a unique resource server?

So if client App A wants to use OIDC with Resource Server X => then client Id will be ID1

if client App A wants to use OIDC with Resource Server Y => then client Id will be ID2

So based on the Client-ID we will know what the resource server is.


Solution

  • You can do it that way, but access to resources is more appropriately defined in the scope parameter, which is required on the authorization endpoint. https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

    So, client App A can have one client_id and send something like "scope=ServerX" to the auth endpoint when it needs access to Server X, "scope=ServerY" when it needs access to Server Y, or "scope=ServerX ServerY" when it needs both. It's up to your OIDC implementation to define these custom scopes and decide whether to grant the requests. ("ServerX" and "ServerY" are just samples here. They will work as scopes, but you'll see that scopes commonly have long namespaces to make them universally unique.)

    You can see this approach on Google's OAuth Playground (https://developers.google.com/oauthplayground/). Google has one OAuth service to control access to dozens of resources, which are defined as scopes. Notice that you have to select the desired resource *first*, before even hitting the authorization endpoint.
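As an added example (not code from the original answer), here is how an authorization server can turn the scope parameter of an /authorize request into the set of resource servers a token is for, instead of keying that off client_id. The scope strings, client registrations and audience names are constructed for illustration.

```python
"""Added example: map requested scopes to resource-server audiences at the
authorization endpoint. Scope names, clients and audiences are constructed."""
from dataclasses import dataclass, field

# Constructed registry: each custom scope names the resource server (token
# audience) it unlocks. "openid" is the standard OIDC scope and unlocks no API.
SCOPE_TO_AUDIENCE = {
    "https://api.example.com/serverx": "server-x",
    "https://api.example.com/servery": "server-y",
}

# Constructed client registration: one client_id per app, with the scopes that
# client may request. Policy lives here, not in a per-resource-server client_id.
CLIENT_ALLOWED_SCOPES = {
    "app-a": {"openid", "https://api.example.com/serverx", "https://api.example.com/servery"},
    "app-b": {"openid", "https://api.example.com/serverx"},
}


@dataclass
class Decision:
    granted_scopes: list = field(default_factory=list)
    audiences: list = field(default_factory=list)  # becomes 'aud' of the access token
    error: str = ""  # RFC 6749 error code, empty on success


def decide(client_id: str, scope_param: str) -> Decision:
    """Evaluate client_id and scope (RFC 6749 section 3.3: space-delimited,
    case-sensitive). Unknown or unauthorised scopes fail the whole request
    instead of being silently dropped, so the client sees it was not honoured."""
    allowed = CLIENT_ALLOWED_SCOPES.get(client_id)
    if allowed is None:
        # Unknown client: a real server must not redirect, just surface the error.
        return Decision(error="unauthorized_client")
    requested = scope_param.split()  # split() also collapses repeated spaces
    if "openid" not in requested:
        return Decision(error="invalid_scope")  # OIDC requires the 'openid' scope
    for s in requested:
        if (s != "openid" and s not in SCOPE_TO_AUDIENCE) or s not in allowed:
            return Decision(error="invalid_scope")
    granted = list(dict.fromkeys(requested))  # dedupe, keep order
    auds = list(dict.fromkeys(SCOPE_TO_AUDIENCE[s] for s in granted if s != "openid"))
    return Decision(granted_scopes=granted, audiences=auds)
```

The resulting audiences go into the access token's `aud` claim, so each resource server can reject tokens that were issued for a different one.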