Way back when we wrote dynamic registration, we made the decision to always
have the registration token just be a bearer token. Part of this is because
OAuth2 doesn’t really have a separate “access token” data structure that we
could just replicate in this spot, so there’s no “token type” or oth
Hello,
While reading the last DPoP document (draft 6), I was wondering about
other access tokens delivered by the AS, especially the Registration
Access Token during Dynamic Client Management Registration [1].
The OAuth 2.0 Dynamic Client Registration Management Protocol RFC states
that: [2]
