token

Takes control over authentication session after web-based user authentication. This is a counterpart of the pushedAuthorizationRequest. It checks that (1) hash of code_verifier supplied here matches code_challenge supplied to push authorization, (2) performs DPoP authorization using the key established in push authorization. Once all the checks are done it issues access token that can be used to request a credential and possibly a refresh token that can be used to request more access tokens.