Investigate DPoP Error Handling #166

@Erwinvandervalk

Description

We are retrieving the DPoP scheme from the WWW-Authenticate HTTP header, then checking it for an error parameter, and then checking whether the error parameter is one of a couple of expected values. However, other error parameter values are possible, and in fact RFC 9449 has an example of invalid_token being used to indicate a DPoP failure (the token is invalid because its cnf is wrong). https://www.rfc-editor.org/rfc/rfc9449.html#section-7.1

So, this notion of a "DPoP Error" isn't in line with the spec, and is probably confusing as a public API. We might even be ignoring or mishandling errors from an RS that sends us other errors.
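Added example, not code from this repository or from the issue author: a small WWW-Authenticate parser that splits the header into its challenges and then reports whatever error the DPoP challenge carries, instead of matching against a fixed list. The sample headers are constructed here and modelled on the RFC 9449 section 7.1 example; the `KNOWN_DPOP_ERRORS` set and the suggested client actions are this example's own, so an unrecognised code is still returned to the caller rather than silently dropped.

```python
import re
from dataclasses import dataclass, field

# RFC 7235 token and quoted-string grammar, enough for challenge parameters.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_PARAM = re.compile(rf"({_TOKEN})\s*=\s*({_TOKEN}|{_QUOTED})")
_SCHEME = re.compile(rf"({_TOKEN})(?=[\s,]|$)")
_SEP = re.compile(r"[\s,]*")

# Codes a client can expect in a DPoP challenge (set chosen for this example):
# invalid_dpop_proof and use_dpop_nonce come from RFC 9449; invalid_token is the
# RFC 6750 code that RFC 9449 section 7.1 reuses for a failed key binding (cnf mismatch).
KNOWN_DPOP_ERRORS = {"invalid_dpop_proof", "use_dpop_nonce", "invalid_token"}


@dataclass
class Challenge:
    scheme: str
    params: dict[str, str] = field(default_factory=dict)


def _unquote(raw: str) -> str:
    # Strip surrounding quotes and resolve backslash escapes; tokens pass through.
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_www_authenticate(header: str) -> list[Challenge]:
    """Split a WWW-Authenticate value into scheme + parameter challenges.

    A token not followed by '=' starts a new challenge; name=value pairs attach to
    the current one. token68 credentials (e.g. 'Negotiate abc==') are not supported.
    """
    challenges: list[Challenge] = []
    pos = 0
    while True:
        pos = _SEP.match(header, pos).end()  # skip commas and whitespace
        if pos >= len(header):
            return challenges
        m = _PARAM.match(header, pos)
        if m and challenges:
            challenges[-1].params[m.group(1).lower()] = _unquote(m.group(2))
            pos = m.end()
            continue
        m = _SCHEME.match(header, pos)
        if m:
            challenges.append(Challenge(scheme=m.group(1)))
            pos = m.end()
            continue
        raise ValueError(f"malformed WWW-Authenticate at offset {pos}: {header[pos:pos + 20]!r}")


def classify_dpop_challenge(header: str) -> dict:
    """Report what the DPoP challenge (if any) tells the client; never drop unknown codes."""
    dpop = [c for c in parse_www_authenticate(header) if c.scheme.lower() == "dpop"]
    if not dpop:
        # Errors on other schemes (e.g. Bearer) are not DPoP failures.
        return {"dpop": False, "error": None, "known": False, "action": "not a DPoP challenge"}
    params = dpop[0].params
    error = params.get("error")
    if error is None:
        # A bare DPoP challenge (typically the first 401) only advertises the scheme.
        return {"dpop": True, "error": None, "known": True, "action": "send a DPoP-bound token"}
    actions = {  # client reactions suggested by this example
        "use_dpop_nonce": "retry with the nonce from the DPoP-Nonce response header",
        "invalid_dpop_proof": "rebuild the proof (htm/htu/iat/ath) and retry",
        "invalid_token": "token rejected for this key binding; obtain a token bound to the key",
    }
    return {
        "dpop": True,
        "error": error,
        "known": error in KNOWN_DPOP_ERRORS,
        "action": actions.get(error, f"unrecognised DPoP error {error!r}: surface to the caller"),
        "description": params.get("error_description"),
        "algs": params.get("algs"),
    }


if __name__ == "__main__":
    # Constructed header, modelled on the RFC 9449 section 7.1 example.
    print(classify_dpop_challenge(
        'DPoP error="invalid_token", error_description="Invalid DPoP key binding", algs="ES256"'))
```

The parser keeps the scheme boundary explicit, so an `error="invalid_token"` on a Bearer challenge that shares the header with a DPoP challenge is not mistaken for a DPoP failure, while any error on the DPoP challenge itself, listed or not, reaches the caller with its description and `algs` intact.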
