How does a Data Holder (DH) obtain the client ID in a PAR request?
client_id is required in the request syntax and the request object passed to the PAR and authorize endpoint. This is required by oAuth 2.0 and is covered in OIDC section 6.1. The
client_id is not in the client_assertion itself but in the request syntax and request object JWT.
A valid OAuth 2.0 Authorization Requests MUST include values for the
client_id in the OAuth 2.0 request syntax. The values for these parameters MUST match those in the Request Object, if present.