Messages - 18.104.22.168 "azp" definition too restrictive
azp OPTIONAL. Authorized Party. This member identifies an OAuth 2.0 client authorized to use this ID Token as an OAuth access token, if different than the Client that requested the ID Token. It MUST contain the client_id of the authorized party.
azp OPTIONAL. Authorized Party. This member identifies an OAuth 2.0 client authorized to use this ID Token as an OAuth access token. It MUST contain the identifier that the protected resource recognizes.
Current text needlessly constrains what azp could be, while that constraint is not necessarily useful. For example, the current definition removes the possibility of having an ephemeral identifier (such as a dynamically generated public key) of the client, which is not a client_id in the OAuth sense but is still useful as long as the protected resource can recognize it and possibly perform the key possession check.
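The key possession check mentioned above could look like the following at a protected resource. This is an added example, not part of the original issue or of the specification. It assumes that azp carries the RFC 7638 thumbprint of an ephemeral Ed25519 client key and that the resource issues a fresh challenge for the client to sign; `checkAuthorizedParty`, `demo` and the claim values are hypothetical.

```javascript
// Added example. Assumption: "azp" holds the RFC 7638 JWK thumbprint of an
// ephemeral client key rather than a registered client_id.
const crypto = require("node:crypto");

// RFC 7638 thumbprint of an OKP key: SHA-256 over the required members
// (crv, kty, x) in lexicographic order, base64url-encoded.
function jwkThumbprint(jwk) {
  const canonical = JSON.stringify({ crv: jwk.crv, kty: jwk.kty, x: jwk.x });
  return crypto.createHash("sha256").update(canonical).digest("base64url");
}

// Hypothetical protected-resource check. `claims` are the ID Token claims,
// assumed to be already signature-verified against the issuer's keys.
function checkAuthorizedParty(claims, presentedJwk, challenge, signature) {
  if (presentedJwk.kty !== "OKP" || presentedJwk.crv !== "Ed25519") return false;
  // 1. The presented key must be the one the token names in azp.
  const expected = Buffer.from(String(claims.azp || ""));
  const actual = Buffer.from(jwkThumbprint(presentedJwk));
  if (expected.length !== actual.length) return false;
  if (!crypto.timingSafeEqual(expected, actual)) return false;
  // 2. Key possession: the caller must sign the resource's fresh challenge.
  try {
    const publicKey = crypto.createPublicKey({ key: presentedJwk, format: "jwk" });
    return crypto.verify(null, challenge, publicKey, signature);
  } catch {
    return false; // malformed key material
  }
}

// Constructed demo data: a legitimate client, a different key holder, and a
// signature replayed against a new challenge.
function demo() {
  const client = crypto.generateKeyPairSync("ed25519");
  const clientJwk = client.publicKey.export({ format: "jwk" });
  const claims = { iss: "https://op.example", sub: "user-1", azp: jwkThumbprint(clientJwk) };
  const challenge = crypto.randomBytes(32);
  const sig = crypto.sign(null, challenge, client.privateKey);

  const other = crypto.generateKeyPairSync("ed25519");
  const otherJwk = other.publicKey.export({ format: "jwk" });
  const otherSig = crypto.sign(null, challenge, other.privateKey);
  return {
    legit: checkAuthorizedParty(claims, clientJwk, challenge, sig),
    wrongKey: checkAuthorizedParty(claims, otherJwk, challenge, otherSig),
    replay: checkAuthorizedParty(claims, clientJwk, crypto.randomBytes(32), sig),
  };
}
```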