Hi Brian,
Just wondering if there's still a chance for this to be addressed in 04? I
could try preparing a draft PR if that helps.
On a related note, are there any recommendations on the contents of the
"error_description" WWW-Authenticate attribute? For example, our prototype
DPoP implementation
>From the document:
The protected resource MUST obtain, from its TLS implementation
>layer, the client certificate used for mutual TLS and MUST verify
>that the certificate matches the certificate associated with the
>access token. If they do not match, the resource access attempt
