AT Proto gets a lot of things right in their OAuth profile, which is also similar to the OAuth profile from Solid OIDC (which added on User Managed Access & required OIDC instead of just OAuth)
Essentially you want to be able to safely send a token that identifies you to potentially untrusted servers & not have that access token compromised. That's what DPoP gives you essentially.