...
In step 9, the client may provide a signed and dynamic proof of possession over the access token. Since the signature is over the target URI, the malicious RS cannot replay the request to the target resource.
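The following is an added example, not taken from the original page, of an RS-side check that rejects a proof captured by a malicious RS and forwarded to the target RS. The page does not name a proof format, so the `htm`/`htu`/`iat` field names (borrowed from DPoP), the choice of Ed25519, the one-minute freshness window, and the hostnames are all assumptions.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Proof is a constructed payload; htm/htu/iat are borrowed from DPoP as an assumption.
type Proof struct {
	Method string `json:"htm"`
	URI    string `json:"htu"`
	Issued int64  `json:"iat"`
}
// SignProof runs on the client: it signs the method and the URI it is calling.
func SignProof(priv ed25519.PrivateKey, method, uri string, now time.Time) (payload, sig []byte) {
	payload, _ = json.Marshal(Proof{method, uri, now.Unix()})
	return payload, ed25519.Sign(priv, payload)
}

// VerifyProof runs on an RS; pub is the token-bound key, selfURI the URI this RS serves.
func VerifyProof(pub ed25519.PublicKey, payload, sig []byte, method, selfURI string, now time.Time) error {
	if !ed25519.Verify(pub, payload, sig) {
		return errors.New("bad signature")
	}
	var p Proof
	if err := json.Unmarshal(payload, &p); err != nil {
		return err
	}
	if p.Method != method || p.URI != selfURI {
		return errors.New("proof is bound to a different request")
	}
	if age := now.Sub(time.Unix(p.Issued, 0)); age < 0 || age > time.Minute {
		return errors.New("proof is not fresh")
	}
	return nil
}

// Replay models the malicious RS forwarding a captured proof to the target RS.
func Replay(now time.Time) (atMaliciousRS, atTargetRS error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	payload, sig := SignProof(priv, "GET", "https://evil-rs.example/data", now)
	return VerifyProof(pub, payload, sig, "GET", "https://evil-rs.example/data", now),
		VerifyProof(pub, payload, sig, "GET", "https://rs.example/data", now)
}
func main() {
	fmt.Println(Replay(time.Now()))
}
```

The malicious RS cannot rewrite `htu` to match the target, because any change to the payload invalidates the client's signature.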
Scenario: Fishing with a malicious authorization service
...