Description
The IAE is closely related to the Pushed Authorization Endpoint. In particular, the beginning of Section 6.1.1 states that the initial request is "formed and sent in the same way as PAR request as defined in Section 2.1 of [RFC9126]" and the beginning of Section 6.2 states that the error response can be "an error as defined in Section 2.3 of [RFC9126] [...]."
However, the exact handling of the request by the AS is only vaguely specified at the beginning of Section 6.2: "[...] the Authorization Server determines whether the Authorization Request is syntactically and semantically correct and whether the information provided by the Wallet so far is sufficient to grant authorization for the Credential issuance." What exactly must the AS check here? Is the AS supposed to process the request as specified by RFC 9126? In particular, may this request contain a request_uri value or is the AS supposed to reject such a request (as required by RFC 9126)? Do the considerations on redirect URIs from Section 2.4 of RFC 9126 also apply to the IAE?