[jira] [Commented] (SLING-13047) Add RFC 8707 Resource Indicators support to Sling OIDC Authentication Handler

Nicola Scendoni (Jira) Mon, 05 Jan 2026 07:14:07 -0800


    [ 
https://issues.apache.org/jira/browse/SLING-13047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18049865#comment-18049865
 ]


Nicola Scendoni commented on SLING-13047:
-----------------------------------------

PR: [https://github.com/apache/sling-org-apache-sling-auth-oauth-client/pull/40]

 

> Add RFC 8707 Resource Indicators support to Sling OIDC Authentication Handler
> -----------------------------------------------------------------------------
>
>                 Key: SLING-13047
>                 URL: https://issues.apache.org/jira/browse/SLING-13047
>             Project: Sling
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Nicola Scendoni
>            Priority: Major
>              Labels: OAuth2, oidc
>
> The Sling OIDC Authentication Handler does not currently support *RFC 8707 
> (Resource Indicators for OAuth 2.0)*. This limits compatibility with 
> OIDC/OAuth2 providers that require or recommend the resource parameter to 
> request audience-specific access tokens.{*}{*}
> {*}Proposal{*}{*}{*}
>  * Add optional support for RFC 8707 resource parameters
>  * Make resource values configurable via OSGi
>  * Include resource in authorization and token requests when configured
>  * Preserve backward compatibility
> {*}Reference{*}{*}{*}
> RFC 8707: https://datatracker.ietf.org/doc/html/rfc8707



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (SLING-13047) Add RFC 8707 Resource Indicators support to Sling OIDC Authentication Handler

Reply via email to