The authorisation response and the DID authentication are conflated, making the chapter a bit confusing. Here are some suggested changes:
Parameters response_type and response_mode are mixed up. It should say:
"In this case, the authorisation response will contain a response_mode parameter with the value direct_post"
"Query params for the authorisation response are given below:" should be "Query params for the DID authentication request are given below:"
"The holder wallet then responds with an id_token signed by the DID to the direct post endpoint." should be "The holder wallet then responds with an id_token signed by the DID's private key and the state parameter from the DID authentication request to the direct post endpoint." Mention that the nonce from the DID authentication request is included in the id_token. Update the example and include the state parameter.
"If additional details are not requested, the credential issuer will send an authorisation response with a code query parameter containing the short-lived authorisation code." should be "If additional details are not requested, the credential issuer will send an authorisation response with a code query parameter containing the short-lived authorisation code and the state parameter from the authorisation request". Update the example and include the state parameter.
Clarify that the state parameter of the authorisation request and that of the DID authentication request are different parameters. The first one is generated by the Wallet and the second is generated by the Issuer. The same goes for the nonce parameter (the nonce parameter is only included in the authorisation request example and not in the table of query parameters).
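
The two state/nonce pairs described in this issue, as an added example that is not taken from the issue or from the documentation it discusses. It assumes hypothetical `Issuer` and `Wallet` classes, an in-memory session store, a placeholder DID `did:example:holder`, and an id_token modelled as its claims after the signature has already been verified against the DID's key.

```python
import hmac
import secrets


class Issuer:
    """Hypothetical issuer: one pending session per issuer-generated state."""

    def __init__(self):
        self.pending = {}  # issuer state -> (issuer nonce, wallet state)

    def did_auth_request(self, wallet_state):
        # The issuer mints its OWN state and nonce, unrelated to the wallet's values.
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = (nonce, wallet_state)
        return {"response_type": "id_token", "response_mode": "direct_post",
                "state": state, "nonce": nonce}

    def direct_post(self, id_token_claims, state):
        # Assumption: id_token_claims come from an id_token whose signature was verified.
        session = self.pending.pop(state, None)  # single use, so a replay fails
        if session is None:
            raise ValueError("unknown or replayed issuer state")
        nonce, wallet_state = session
        if not hmac.compare_digest(id_token_claims.get("nonce", ""), nonce):
            raise ValueError("id_token nonce does not match DID authentication request")
        # The authorisation response echoes the WALLET's state next to the code.
        return {"code": secrets.token_urlsafe(16), "state": wallet_state}


class Wallet:
    """Hypothetical holder wallet."""

    def __init__(self, did):
        self.did = did
        self.state = secrets.token_urlsafe(16)  # state of the authorisation request

    def answer(self, did_auth_request):
        # The issuer's nonce goes inside the id_token; the issuer's state is posted beside it.
        claims = {"iss": self.did, "sub": self.did, "nonce": did_auth_request["nonce"]}
        return claims, did_auth_request["state"]

    def accept(self, auth_response):
        if not hmac.compare_digest(auth_response.get("state", ""), self.state):
            raise ValueError("authorisation response state does not match request")
        return auth_response["code"]


def run_flow():
    issuer, wallet = Issuer(), Wallet("did:example:holder")  # constructed sample DID
    req = issuer.did_auth_request(wallet.state)
    claims, issuer_state = wallet.answer(req)
    return wallet.accept(issuer.direct_post(claims, issuer_state))
```
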