So I was designing OpenID Authn Artifact Binding based on OAuth. OAuth pushes request token (RT) to the Service Provider (saml:responder, openid:op). Then, I looked back at the