Since I brought this up initially, I want to re-voice my support for a general
mechanism. I think it makes sense to have something that all of the OAuth
JSON-spouting endpoints (introspection, token, revocation, registration,
discovery) can use to universally put out signed and/or encrypted JWTs.

As discussed during the working group meeting, I agree with the people who
spoke up saying that they believe that trying to over-generalize the JWT
introspection response mechanism to cover all OAuth interactions would be
reaching too far. There are differences in the characteristics of the
di