Oh, that's my bad. I re-read the Privacy Pass protocol to brush up, and it does use signing without requiring the RP to necessarily make another call to the original approver server. I also see there's been work on hidden witness ZKP, so the RP may not even know who approved a given token.
Very cool! Always happy to be proven wrong with cool tech!
Not really. There is no requirement here for an auth server to necessarily even exist.
That said, your broader point is correct, that the details matter a tremendous amount.