Excelling Presentation !! One Question: Is the client requited to generate a new pair of Asymmetric keys each time it requests a new Access Token from the Identity Server? If so wouldn't be this burdensome on the Mobile Applications ? Where complexity and additional delay are incurred?