The validated context a successfully redeemed CIBA authentication request yields (CIBA Core §10.1).
Attesto.CIBA.redeem/4 returns this once the request's state machine
reaches an approved, unexpired, single-use redemption. The host reads it to
mint the token response through the same issuance path as its other grants:
subject and scope become the tokens' sub and scope, resource
(RFC 8707) the aud, dpop_jkt (when present) the cnf.jkt, and acr /
auth_time the ID Token's authentication-context claims (CIBA Core §10.1:
the ID Token is issued as for a normal OIDC token response; FAPI-CIBA
§5.2.2 requires acr when the client requested one).