OpenID4VCI

Clarification on optionality of Scope vs Authorization Details

Open paulbastian opened this issue 9 months ago • 3 comments

Section 5.1 Auth Request says "There are two possible ways to request issuance of a specific Credential type in an Authorization Request. One way is to use the authorization_details request parameter, as defined in [RFC9396], with one or more authorization details objects of type openid_credential, per Section 5.1.1. The other is through the use of scopes as defined in Section 5.1.2." Section 5.1.2 on scope says "In addition to a mechanism defined in Section 5.1, Credential Issuers MAY support requesting authorization to issue a Credential using the OAuth 2.0 scope parameter."

There is no equivalent phrase in Section 5.1.1 authorization_details, instead "The request parameter authorization_details defined in Section 2 of [RFC9396] MUST be used to convey the details about the Credentials the Wallet wants to obtain."

While this last MUST is probably only referring to the parameter named "authorization_details" from RFC9396, it is less clear that authorization_details is also optional.

paulbastian, May 03 '24 14:05
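The two request mechanisms quoted in the issue, as an added example that is not part of the issue or of the specification: an issuer-side check that reports whether an Authorization Request asks for a Credential through `authorization_details` objects of type `openid_credential`, through `scope`, through both, or through neither, and that rejects a malformed `authorization_details` value instead of silently falling back to `scope`. The function names, issuer URL, `client_id`, scope value and credential identifier are assumptions made up for the sketch.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

CREDENTIAL_TYPE = "openid_credential"  # authorization details type quoted from Section 5.1

def _single(params, name):
    """Return the one value of a request parameter, or None; reject repeats."""
    values = params.get(name, [])
    if len(values) > 1:
        raise ValueError(f"{name} must not be repeated")
    return values[0] if values else None

def credential_request_mechanisms(auth_request_url, credential_scopes):
    """Report which mechanism(s) a request uses to ask for Credential issuance."""
    params = parse_qs(urlsplit(auth_request_url).query)
    details = []
    raw = _single(params, "authorization_details")
    if raw is not None:
        try:
            parsed = json.loads(raw)
        except json.JSONDecodeError as exc:
            raise ValueError("authorization_details is not valid JSON") from exc
        if not isinstance(parsed, list):
            raise ValueError("authorization_details must be a JSON array")
        for obj in parsed:
            if not isinstance(obj, dict) or not isinstance(obj.get("type"), str):
                raise ValueError("authorization details object lacks a string 'type'")
            if obj["type"] == CREDENTIAL_TYPE:
                details.append(obj)
    # scope is a space-delimited list; keep only values this issuer maps to Credentials
    scopes = [s for s in (_single(params, "scope") or "").split() if s in credential_scopes]
    mechanisms = [name for name, found in
                  (("authorization_details", details), ("scope", scopes)) if found]
    return {"details": details, "scopes": scopes, "mechanisms": mechanisms}

# Constructed sample requests (issuer URL, client_id, scope and credential values are made up).
ISSUER_SCOPES = {"example_credential_scope"}
BASE = "https://issuer.example/authorize?"
COMMON = {"response_type": "code", "client_id": "wallet-example"}
REQ_DETAILS = BASE + urlencode({**COMMON, "authorization_details": json.dumps(
    [{"type": CREDENTIAL_TYPE, "credential_configuration_id": "ExampleCredential"}])})
REQ_SCOPE = BASE + urlencode({**COMMON, "scope": "openid example_credential_scope"})
REQ_NEITHER = BASE + urlencode({**COMMON, "scope": "openid"})
REQ_BAD = BASE + "authorization_details=%7Bnot-json"

if __name__ == "__main__":
    for req in (REQ_DETAILS, REQ_SCOPE, REQ_NEITHER):
        print(credential_request_mechanisms(req, ISSUER_SCOPES)["mechanisms"])
```

The sketch takes no position on which mechanism an issuer is required to support; it only makes the choice visible so that a request using neither, or a broken `authorization_details` value, is handled explicitly.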