Hello,
In my opinion there is an error in chapter 1.10 "Authentication" regarding the communication flow between "Resource Server" and "Authorization Server".
The direction of the arrow must be exactly reversed (see picture, circled in red). After having received a "Protected Resource Request", the "Resource Server" sends the Access Token to the "Authorization Server" and not vice versa.
------------------------------
Michael Lauth
Deutsche Telekom AG
------------------------------