That all makes sense to me! To spitball a design, what about this for the discovery response?
{
"audience-endpoint": "https://upload.example.com/_/oidc/audience",
"token-mint-endpoint": "https://upload.example.com/_/oidc/mint-token",
"features": ["single-use-token", "multi-use-token"],
"default-features": ["multi-use-token"]
}
In the above case, the server would be advertising that it supports both single- and multi-use tokens, with multi-use being the default. Then, the token-minting request:
{
"token": "oidc-token",
"features": ["single-use"]
}
…would change the default. The server would then gain a bit of complexity in terms of deconflicting feature requests, but that’s not too bad IMO.