It suggests that PKIoverheid and mTLS are not needed on the connection between a resource consumer and server. But what it means to say is that the PKIoverheid certs on the auth server and resource server do not need to be the same PKIoverheid cert. You can use 2 different PKIoverheid certificates.
https://nuts-foundation.gitbook.io/v1/rfc/rfc003-oauth2-authorization#a.1-mtls-same-certificate-requirement-drop