Optional Token Issuance Authorizer (TIA) that is invoked once, before any scope-bound TIAs, with the full set of requested-and-allowed scopes (including the empty default scope). The referenced id must match one of the TIAs defined in the token-issuance-authorizer list below.