This is a very mature, carefully drafted specification.

Question: Under Dynamic Client Registration, do we need a mechanism for the client learn the required signature algorithms?  In general, there is no discussion of how mutually acceptable signature algorithms might be negotiated.

   Unlike cryptographic
   nonces, it is acceptable for clients to use the same nonce multiple
   times, and for the server to accept the same nonce multiple times.

This suggests that there may be another term that is better than "nonce", such as "epoch", "session ID", or "tag".

Section 11.4:

   This grant needs to be "silent", i.e., not require interaction with
   the user.

Why? Surely an occasional user authentication refresh is not such a red flag to ordinary users.