FEP-d8c2: OAuth 2.0 Profile for the ActivityPub API

I am sorry that you’re not happy with the decisions we made when we created ActivityPub, but they were made long ago. This FEP cannot change them.

Saying that the decisions we made 10 years ago are set in stone and unchangeable is a bit silly, especially when there is strong evidence and desire by people actually building stuff on these specs to do something different now.

I’m actually surprised to see that ActivityPub defined the two OAuth endpoints in the actor object in the first place. I would argue that was an error on our part since we made the explicit decision to leave authentication/authorization out of scope of the draft.

If I follow the breadcrumb trails, the “Authentication and Authorization” section links to a wiki page here: ActivityPub/Primer/Authentication Authorization - W3C Wiki which says:

To discover the correct endpoint for authorization, clients should use OAuth-Server-Metadata on the host part from the actor’s ID URI.

That sentence was in the original version of that page from 2017, before the final publication of ActivityPub: ActivityPub/Primer/Authentication Authorization - W3C Wiki

So even the ActivityPub spec when it was published had two contradicting ways to find the OAuth server, one of which ignored the “follow your nose” method entirely.

This is all just to say that I think it’s best to ignore the oauthAuthorizationEndpoint and oauthTokenEndpoint properties in the actor profile and do something that makes more sense now.
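As an added illustration, not code from this thread or from any FEP-d8c2 implementation, here are the two discovery paths the post contrasts: reading the endpoints from the actor object versus deriving the RFC 8414 metadata URL from the host part of the actor ID, with the issuer check RFC 8414 requires before host-derived metadata is trusted. The actor and metadata documents are constructed samples.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed actor document with the two ActivityPub-defined properties.
ACTOR_DOC = {
    "id": "https://social.example/users/alice",
    "type": "Person",
    "oauthAuthorizationEndpoint": "https://social.example/oauth/authorize",
    "oauthTokenEndpoint": "https://social.example/oauth/token",
}
# Constructed RFC 8414 metadata document served by the actor's host.
METADATA_DOC = {
    "issuer": "https://social.example",
    "authorization_endpoint": "https://social.example/oauth/authorize",
    "token_endpoint": "https://social.example/oauth/token",
}

def metadata_url(actor_id: str) -> str:
    """RFC 8414 well-known URL derived from the host part of the actor ID."""
    parts = urlsplit(actor_id)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("actor ID must be an https URL with a host")
    return f"https://{parts.netloc}/.well-known/oauth-authorization-server"

def issuer_matches_host(actor_id: str, metadata: dict) -> bool:
    """RFC 8414 section 3.3: only trust the document if its issuer is the
    server the URL was derived from (rejects metadata naming another issuer)."""
    issuer = urlsplit(metadata.get("issuer", ""))
    return issuer.scheme == "https" and issuer.netloc == urlsplit(actor_id).netloc

def endpoints_from_actor(actor: dict) -> Optional[dict]:
    """Follow-your-nose: endpoints read straight from the actor object."""
    auth = actor.get("oauthAuthorizationEndpoint")
    token = actor.get("oauthTokenEndpoint")
    if not (auth and token):
        return None
    return {"authorization_endpoint": auth, "token_endpoint": token}

def endpoints_from_metadata(actor_id: str, metadata: dict) -> dict:
    """Host-based discovery; refuses a document whose issuer does not match."""
    if not issuer_matches_host(actor_id, metadata):
        raise ValueError("issuer does not match actor host; metadata rejected")
    return {k: metadata[k] for k in ("authorization_endpoint", "token_endpoint")}

def discovery_conflicts(actor: dict, metadata: dict) -> list:
    """Endpoint names on which the two discovery methods disagree."""
    from_actor = endpoints_from_actor(actor) or {}
    from_meta = endpoints_from_metadata(actor["id"], metadata)
    return sorted(k for k in from_meta if k in from_actor and from_actor[k] != from_meta[k])
```

A client following the post's advice uses only `endpoints_from_metadata`; `discovery_conflicts` is the check worth logging when an actor still carries the older properties and they disagree with the server's metadata.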