It sounds neat - but in practice it's something other schemes have had for yonks, albeit centralized instead of being entirely at the discretion of the subject (e.g. OAuth2's delegation grant), and there's the obvious risk of someone's token being used to counter-sign or delegate permission without their knowledge (this isn't unrealistic considering the sheer number of daily posters to StackOverflow who think the browser's localStorage is an acceptable place to hold secrets and keys...).
No, it is a problem, because the motivating use case for offline attenuation is doing JIT minimization of tokens before sending them. IdP OAuth2 tokens tend to be all-powerful, a game-over break if stolen. That's why offline attenuation was invented.
You can say that offline attenuation and minimization doesn't matter; for a lot of applications, it probably doesn't. But you can't say OAuth2 has the same feature, and certainly not "had for yonks".
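To make the offline attenuation point concrete, here is an added example (not code from any commenter, and not a library implementation) of the Macaroon-style HMAC chain: the issuer mints a broad token from a root key, any holder can append caveats offline by re-keying the HMAC with the previous signature, and the verifier recomputes the chain from the root key. The root key, identifier, caveat syntax and the context values are all constructed for the demo.

```python
import hashlib
import hmac
import json


def _chain(key: bytes, msg: bytes) -> bytes:
    """One HMAC-SHA256 link of the caveat chain."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class Macaroon:
    """Bearer token whose signature is an HMAC chain over its caveats.

    Anyone holding the token can append a caveat (attenuate) offline:
    new_sig = HMAC(old_sig, caveat).  Nobody can remove one, because the
    previous signature cannot be recovered from the new one.
    """

    def __init__(self, identifier: str, caveats: list, signature: bytes):
        self.identifier = identifier
        self.caveats = list(caveats)
        self.signature = signature

    @classmethod
    def mint(cls, root_key: bytes, identifier: str) -> "Macaroon":
        # Only the issuer, who holds the root key, can mint.
        return cls(identifier, [], _chain(root_key, identifier.encode()))

    def attenuate(self, caveat: str) -> "Macaroon":
        # Offline: needs neither the root key nor a round trip to the issuer.
        return Macaroon(self.identifier, self.caveats + [caveat],
                        _chain(self.signature, caveat.encode()))

    def serialize(self) -> str:
        return json.dumps({"id": self.identifier, "caveats": self.caveats,
                           "sig": self.signature.hex()})

    @classmethod
    def deserialize(cls, blob: str) -> "Macaroon":
        d = json.loads(blob)
        return cls(d["id"], d["caveats"], bytes.fromhex(d["sig"]))


def caveat_holds(caveat: str, ctx: dict) -> bool:
    """Constructed first-party caveat syntax: 'key = value' or 'time < unix_ts'."""
    if caveat.startswith("time < "):
        return ctx["now"] < int(caveat[len("time < "):])
    key, _, value = caveat.partition(" = ")
    return ctx.get(key) == value


def verify(root_key: bytes, m: Macaroon, ctx: dict) -> bool:
    """Recompute the chain from the root key and check each caveat against ctx."""
    sig = _chain(root_key, m.identifier.encode())
    for c in m.caveats:
        if not caveat_holds(c, ctx):
            return False
        sig = _chain(sig, c.encode())
    return hmac.compare_digest(sig, m.signature)


# Constructed demo key; a real issuer would generate this randomly and keep it private.
ROOT_KEY = b"issuer-secret-root-key-for-demo"


def demo() -> dict:
    """Mint a broad token, minimize it just in time, and show what a thief cannot do."""
    full = Macaroon.mint(ROOT_KEY, "user:alice")  # all-powerful, like an IdP token
    base_time = 1_700_000_000
    # JIT minimization before handing the token to a single downstream service:
    narrow = (full.attenuate("action = read")
                  .attenuate("path = /reports/2024")
                  .attenuate("time < %d" % (base_time + 300)))
    ctx_ok = {"action": "read", "path": "/reports/2024", "now": base_time}
    ctx_write = dict(ctx_ok, action="write")
    ctx_late = dict(ctx_ok, now=base_time + 600)
    # A thief who drops a caveat keeps the old signature, which no longer matches the chain.
    widened = Macaroon(narrow.identifier, narrow.caveats[:1], narrow.signature)
    return {
        "full_ok": verify(ROOT_KEY, full, ctx_write),
        "narrow_ok": verify(ROOT_KEY, narrow, ctx_ok),
        "narrow_write": verify(ROOT_KEY, narrow, ctx_write),
        "narrow_expired": verify(ROOT_KEY, narrow, ctx_late),
        "widened": verify(ROOT_KEY, widened, ctx_ok),
        "roundtrip": verify(ROOT_KEY, Macaroon.deserialize(narrow.serialize()), ctx_ok),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the demo is the last two checks: a stolen attenuated token cannot be widened without the root key, so the blast radius of a leak is whatever caveats the sender attached, which is exactly what a stolen all-powerful bearer token does not give you.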
You can of course use Macaroons with OAuth, which was something that I tried to get the OAuth WG interested in, with little success. But I did get it added to my then employer’s AS product: https://neilmadden.blog/2020/07/29/least-privilege-with-less...
(Not sure why the images in that post are suddenly broken, will try to fix later).
This also reminds me that I need to finish off my own take on Biscuits/Macaroons that takes a completely different approach based on Diffie-Hellman. I call them Florentines.
You have a couple of options for storing tokens or other secrets like API keys that only need to be presented to a remote server.
* Secure, HttpOnly cookies. This requires that your servers live on the same domain as the web page is being served from, but cookies will transparently be attached to any request and are unavailable to be exfiltrated.
* Some secrets can be stored outside of the browser JavaScript context so again can't be exfiltrated. This is pretty limited, but WebAuthn uses this for example.
* Keep the secrets server side in a session. You are still vulnerable to session riding, but not exfiltration of tokens.
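An added example (not from the commenter) combining the first and third options above: the upstream API token never leaves the server, the browser only receives an opaque session id in a Secure, HttpOnly, SameSite cookie, and state-changing requests must also present a per-session CSRF token, which goes one step beyond the comment by closing the session-riding gap it mentions. The in-memory store, the session id format and the cookie name are assumptions for the demo; the cookie attributes are set through the standard library's http.cookies.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Constructed in-memory store: session id -> record. A real deployment would use
# a server-side cache or database, but the browser still only sees the id.
SESSIONS: dict = {}


def create_session(api_token: str, ttl_seconds: int = 3600, now: float = None) -> str:
    """Park the upstream token server side and return the opaque id for the cookie."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {
        "api_token": api_token,
        "csrf": secrets.token_urlsafe(32),  # handed to the page body, not a cookie
        "expires": now + ttl_seconds,
    }
    return sid


def session_cookie_header(sid: str) -> str:
    """Build the Set-Cookie line.

    HttpOnly keeps the id out of document.cookie, Secure keeps it off plaintext
    HTTP, and SameSite=Strict stops browsers attaching it to cross-site requests.
    """
    c = SimpleCookie()
    c["sid"] = sid
    morsel = c["sid"]
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    return c.output(header="Set-Cookie:")


def lookup_session(cookie_header: str, now: float = None):
    """Resolve a request's Cookie header to its server-side record, or None."""
    now = time.time() if now is None else now
    c = SimpleCookie()
    c.load(cookie_header)
    if "sid" not in c:
        return None
    sid = c["sid"].value
    rec = SESSIONS.get(sid)
    if rec is None or rec["expires"] <= now:
        SESSIONS.pop(sid, None)  # drop expired sessions eagerly
        return None
    return rec


def authorize(cookie_header: str, method: str, csrf_token: str = None, now: float = None):
    """Return the upstream API token to use for this request, or None to reject it.

    Read-only methods only need the cookie. Anything state-changing must also
    carry the session's CSRF token, so a request that merely rides on the
    cookie from another origin is refused.
    """
    rec = lookup_session(cookie_header, now)
    if rec is None:
        return None
    if method.upper() not in ("GET", "HEAD", "OPTIONS"):
        if not csrf_token or not secrets.compare_digest(csrf_token, rec["csrf"]):
            return None
    return rec["api_token"]


if __name__ == "__main__":
    sid = create_session("upstream-api-token-xyz")
    print(session_cookie_header(sid))
    print(authorize("sid=" + sid, "GET"))
    print(authorize("sid=" + sid, "POST"))  # None: no CSRF token
```

The API token is only ever used by `authorize`'s caller on the server, so a script injected into the page can make requests in the user's session but cannot read the token itself, which is the distinction the comment draws between session riding and exfiltration.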