Folks,

I've been doing a bunch of OAuth work recently where DPoP is enforced. This makes it difficult to craft requests in the composer, because they need to be signed with the proof of possession token.

It strikes me this could be a feature, allow me, in composer, to provide the access token, proof of possession token and current nonce and generate the right authentication and signature headers.

Barry