I don't see that in the spec. You would not create End-UserAuthorization request with a client_secret.
Cheers,Maciej
-- Maciej Machulakemail: maciej....@gmail.comtel: +48 602 45 31 44tel: +44 7999 606 767