This is currently in early development and does not support the Authorization header. It does however support confidential clients (exclusively) through the config. Only authorization code grants are ...