Similar to PAR, we should introduce a metadata parameter to indicate whether the Interactive Authorization Endpoint (IAE) is required. Without such a signal, issuers/authorization servers would need to implement both flows: the traditional authorization endpoint and the IAE flow.
It is also needed to avoid dead-end flows.
For PAR, we already have the require_pushed_authorization_requests flag. In my opinion, supporting both flows, the authorization endpoint and IAE, can be unnecessarily complex in certain scenarios, or even impossible.
I propose introducing the following metadata parameter:
require_iae_requests (default: false)
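
An added example, not part of the original post or of any specification text: a sketch of how a client could use the proposed flag to pick a flow from authorization server metadata and fail before any user interaction when no flow is possible. The metadata key `interactive_authorization_endpoint`, the capability labels `iae`, `par` and `authorization_endpoint`, the fallback order and the sample metadata are assumptions made for illustration.

```python
class DeadEndFlow(Exception):
    """No flow exists that both this client and the server can complete."""


def select_flow(metadata, client_supports):
    """Return "iae", "par" or "authorization_endpoint", or raise DeadEndFlow.

    metadata: authorization server metadata as a dict.
    client_supports: set of hypothetical capability labels for this client.
    """
    # Flag proposed in this issue; absent means false.
    require_iae = bool(metadata.get("require_iae_requests", False))
    # Existing PAR flag (RFC 9126); absent means false.
    require_par = bool(metadata.get("require_pushed_authorization_requests", False))

    # A flow is usable only if the server publishes it AND the client implements it.
    iae_ok = ("interactive_authorization_endpoint" in metadata  # assumed key name
              and "iae" in client_supports)
    par_ok = ("pushed_authorization_request_endpoint" in metadata
              and "par" in client_supports)
    authz_ok = ("authorization_endpoint" in metadata
                and "authorization_endpoint" in client_supports)

    if require_iae:
        # The server offers nothing else, so stop here instead of starting
        # a traditional request the server would reject.
        if not iae_ok:
            raise DeadEndFlow("IAE is required but not usable by this client")
        return "iae"
    if authz_ok and require_par and par_ok:
        return "par"
    if authz_ok and not require_par:
        return "authorization_endpoint"
    if iae_ok:
        # Assumed fallback: traditional flow unusable, IAE still available.
        return "iae"
    raise DeadEndFlow("no flow is supported by both client and server")


# Constructed sample metadata (not from a real issuer).
SAMPLE_IAE_ONLY = {
    "issuer": "https://as.example",
    "authorization_endpoint": "https://as.example/authorize",
    "interactive_authorization_endpoint": "https://as.example/iae",
    "require_iae_requests": True,
}
```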