As per https://gitlab.com/openid/conformance-suite/-/issues/886 the certification team intends to implement an additional test that sends multiple aud values in client assertions.
We’d likely send the normal aud and also https://other1.example.com and the server must accept that as valid. I guess this would be for FAPI-RW-ID2 tests and also FAPI1-Advanced-Final.
This is at least partly related to https://bitbucket.org/openid/connect/issues/1213/private_key_jwt-client_secret_jwt-audience which some RPs are working around by sending multiple aud values.
Any feedback/objections welcome.
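
The server-side behaviour the proposed test exercises, as an added example (not code from the conformance suite or from any server implementation): a client assertion is accepted when `aud` is a single string or an array, provided at least one value identifies the server. It assumes an HS256 `client_secret_jwt` assertion; the secret, the `https://as.example.com/token` audience and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values (assumptions, not from the original post).
SECRET = b"constructed-demo-secret"
OWN_AUDIENCES = {"https://as.example.com/token"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_assertion(claims: dict, secret: bytes) -> str:
    """Build an HS256 client assertion (client_secret_jwt style)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

def check_assertion(token: str, secret: bytes, own_audiences: set, now=None) -> bool:
    """Verify signature, exp and aud; iss/sub/jti checks are omitted here."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the header
        return False
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        return False
    aud = claims.get("aud")
    aud_values = [aud] if isinstance(aud, str) else aud  # string or array (RFC 7519)
    if not isinstance(aud_values, list) or not all(isinstance(a, str) for a in aud_values):
        return False
    # Extra audiences are tolerated, but one of them must be this server.
    return any(a in own_audiences for a in aud_values)
```
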