Hi, Cu kal.
You need to perceive oxTrust as just another app that uses oxAuth for authentication. That's correct - each auth method has its own Level value. If you already have a session at oxAuth which was created with auth method with Level 10, and start a flow from another app that requests another auth method with Level 20 - oxAuth will invalidate current session and ask you to authenticate again. That's by design - apps that require more secure auth methods won't use SSO session that was established with less secure method.