...
For TLS, all of the Data Provider’s Authorization Server endpoints and Resource Server endpoints shall support mTLS connections with the algorithms specified in the 5.2 section of the FAPI 2.0 Security Profile.
For JWE, both clients Client Applications and Authorization Servers shall use RSA-OAEP with A256GCM algorithm.
2.4 Consent and Authorization Mechanism Considerations
...