section 5.1 client_id: REQUIRED if the client is not authenticating with the authorization server and if no auth_session is included.
I think it is totally possible for a client to authenticate itself by using a pre-assigned client_id and signing the request using a key that the AS has previously established trust in.
also why does auth_session has to be anything with the presence of client_id and client authentication? auth_session is opaque to the wallet and its usage should be left to the implementations
section 5.1 client_id: REQUIRED if the client is not authenticating with the authorization server and if no auth_session is included.
I think it is totally possible for a client to authenticate itself by using a pre-assigned client_id and signing the request using a key that the AS has previously established trust in.
also why does auth_session has to be anything with the presence of client_id and client authentication? auth_session is opaque to the wallet and its usage should be left to the implementations