RFC 8707 (Resource Indicators) added a "resource" parameter to authorization requests and token requests to indicate the resources that the access token is going to be used to access. However, I cannot find a corresponding parameter in the client registration metadata to indicate which resources a client serves. How would an authorization server know how to adjust the issued access tokens for the resources indicated (e.g. client_ids to put in the "aud" claim)?
