Hi,
I'm not sure I followed due to the use of non-standard terminology... What do you mean by "OAuth client" - the Relying Party? And what about AS? Is that the Authorization Server, Application Server, or what? (One of the frustrating aspects of learning about OAuth2 and OIDC is that not everyone uses the standard terminology.)
Btw, I strongly suspect that AS stands for OAuth2's "Authorization Server".
Is that correct? Best regards, Dario Teixeira _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth