Merge pull request #1294 from ahus1/is-1293-update-dpop-docs

Update docs that DPoP requires a private signing key

Author: zandbelt

auth_openidc.conf

@@ -314,6 +314,7 @@
 #  optional: a DPoP token is requested from the OP but we'll continue even if the returned token is Bearer
 #  required: a DPoP token is requested from the OP and we'll fail if the returned token type is not DPoP
 # When not defined "off" is used.
+# To be able to request a DPoP token, OIDCPrivateKeyFiles/OIDCPublicKeyFiles settings require a RSA/EC private signing key.
 # NB: this can be overridden on a per-OP basis in the .conf file using the key: dpop_mode
 # The 2nd parameter is used to optionally enable an API for creating DPoP proofs on:
 #   <redirect_uri>?dpop=<access_token>&url=<url>[&method=<method][&nonce=<nonce>]