In the current documentation, there is ambiguity regarding the parameters sent both in the HTTP PAR request and the signed Request Object, which is subsequently passed as a parameter in the HTTP PAR Request. To address this, I suggest the following changes:
Keep the following parameters mandatory in the HTTP PAR Request:
client_id
request_object
client_assertion
client_assertion_type
Remove from Request Object the client_assertion and client_assertion_type parameters from the Request Object.
This clarification will enhance the understanding of the specification and improve implementation consistency.
In the current documentation, there is ambiguity regarding the parameters sent both in the HTTP PAR request and the signed Request Object, which is subsequently passed as a parameter in the HTTP PAR Request. To address this, I suggest the following changes:
client_idrequest_objectclient_assertionclient_assertion_typeclient_assertionandclient_assertion_typeparameters from the Request Object.This clarification will enhance the understanding of the specification and improve implementation consistency.