The 2nd clause in “5.1. Request Object Request” in “Financial-grade API: Pushed Request Object” says the following:
“If the request object is signed, the signature serves as means for client authentication”
However, the signed request object shouldn't be used for client authentication. Conceptually, this is trying to mix
token_endpoint_auth_signing_alg (which is for RFC 7523 client assertion). It is likely that we will encounter undesirable side effects in future.
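An added illustration of the concern, not part of the original report or of the specification: it evaluates a signed request object against the rules for an RFC 7523 client assertion. It assumes a client registered with different values for `token_endpoint_auth_signing_alg` and for `request_object_signing_alg` (the OpenID Connect registration metadata for request objects, which is not named above). The client, URLs and JWTs are constructed samples, and signature verification is left out.

```python
import base64
import json
import time

def b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_part(part):
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def client_assertion_problems(jwt, client, audience, now=None):
    """List why `jwt` fails as an RFC 7523 client assertion.
    Only the header and claims are checked; the signature is not verified."""
    now = time.time() if now is None else now
    header_b64, payload_b64, _signature = jwt.split(".")
    header, claims = decode_part(header_b64), decode_part(payload_b64)
    problems = []
    if header.get("alg") != client["token_endpoint_auth_signing_alg"]:
        problems.append("alg")   # signed under the request-object algorithm
    if claims.get("iss") != client["client_id"]:
        problems.append("iss")
    if claims.get("sub") != client["client_id"]:
        problems.append("sub")   # a client assertion must carry sub = client_id
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp")
    return problems

def make_jwt(alg, claims):
    # "c2ln" is a placeholder for the signature part
    return ".".join([b64url({"alg": alg}), b64url(claims), "c2ln"])

# Constructed sample data (hypothetical client and authorization server).
NOW = 1_700_000_000
AUDIENCE = "https://as.example.com"
CLIENT = {"client_id": "client-123",
          "request_object_signing_alg": "PS256",
          "token_endpoint_auth_signing_alg": "ES256"}
REQUEST_OBJECT = make_jwt(CLIENT["request_object_signing_alg"], {
    "iss": "client-123", "aud": AUDIENCE, "exp": NOW + 300,
    "client_id": "client-123", "response_type": "code", "scope": "openid",
    "redirect_uri": "https://client.example.org/cb"})
CLIENT_ASSERTION = make_jwt(CLIENT["token_endpoint_auth_signing_alg"], {
    "iss": "client-123", "sub": "client-123", "aud": AUDIENCE,
    "exp": NOW + 300, "jti": "constructed-jti-1"})

if __name__ == "__main__":
    print(client_assertion_problems(REQUEST_OBJECT, CLIENT, AUDIENCE, NOW))
    print(client_assertion_problems(CLIENT_ASSERTION, CLIENT, AUDIENCE, NOW))
```

A server that accepts the request object signature as client authentication has to decide which of the two registered algorithms governs it, and has to accept a JWT without the `sub` claim that a client assertion requires.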