Here's a version of this that my colleague wrote up in August for this
grant, we're definitely interested in exploring this further. It is also
missing the nonce/server challenge part, but it's a start.
https://github.com/jaredhanson/id-oauth-fido2/blob/main/draft.txt
Aaron
On Fri, Dec 23, 2022
Hi Aaron
as you can see from my July proposal, I was not suggesting to use
the token endpoint in isolation for FIDO2. Rather it would remain
'as is' and return an access token to the client (but a short
lived one), by supporting two new grant types (for FIDO regn an
