The “type” is effectively a schema marker for the content of the authorization
request object, and so it doesn’t need to be the same domain as the API that’s
being hosted. Think of it this way: the type defines the API, this could be a
standard body or some other org, and the location defines th
I have a question about the example and maybe it's more for
clarification than anything.
The example contains type and also location.
A couple of things
1. Would it add clarity if the domain was the same for both? vs. someorg.com
/ example.com
2. While only an example, would it bring clerity to pa
