RFC 8707 details how a client can indicate to the authorization server on which resource server(s) the token will be used. This allows the authorization server to adapt the token claims depending on which resource server(s) it is intended for, like for instance the `aud` and `scope` claims.
I suggest implementing this spec in authlib.
@lepture what do you think? Would you have implementation suggestions to tackle this?
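An added sketch, not part of the original issue and not authlib code, of what the server-side handling could look like: it validates the RFC 8707 `resource` parameter(s) on a token request and derives down-scoped `aud` and `scope` claims. The function names, the `RESOURCE_SCOPES` policy table and the example.com URLs are assumptions, as are the https-only rule and the choice to reject requests that indicate no resource.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed policy (assumption): scopes each known resource server accepts.
RESOURCE_SCOPES = {
    "https://calendar.example.com/": {"calendar.read", "calendar.write"},
    "https://contacts.example.com/": {"contacts.read"},
}

class InvalidTarget(Exception):
    """Maps to the `invalid_target` error code defined by RFC 8707."""
    error = "invalid_target"

def validate_resource(uri):
    # RFC 8707 section 2: an absolute URI that carries no fragment component.
    # Requiring https and a registered resource is this example's own policy.
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.netloc or "#" in uri:
        raise InvalidTarget(f"not an absolute https URI without fragment: {uri!r}")
    if uri not in RESOURCE_SCOPES:
        raise InvalidTarget(f"unknown resource: {uri!r}")
    return uri

def token_claims(form_body, granted_scope):
    """Return the aud and scope claims for a form-encoded token request."""
    params = parse_qs(form_body)  # `resource` may be repeated
    resources = [validate_resource(r) for r in params.get("resource", [])]
    if not resources:
        # Assumption: this server refuses to issue unrestricted tokens.
        raise InvalidTarget("no resource indicated")
    requested = set(params.get("scope", [""])[0].split()) or set(granted_scope)
    allowed = set().union(*(RESOURCE_SCOPES[r] for r in resources))
    # Never exceed the original grant, never include scopes foreign to the target.
    scope = sorted(requested & set(granted_scope) & allowed)
    aud = resources[0] if len(resources) == 1 else resources
    return {"aud": aud, "scope": " ".join(scope)}

# Constructed sample request: refresh-token exchange aimed at one resource.
SAMPLE_BODY = (
    "grant_type=refresh_token&refresh_token=constructed-value"
    "&resource=https%3A%2F%2Fcalendar.example.com%2F"
    "&scope=calendar.read+contacts.read"
)
SAMPLE_GRANT = ["calendar.read", "calendar.write", "contacts.read"]

if __name__ == "__main__":
    print(token_claims(SAMPLE_BODY, SAMPLE_GRANT))
```

A token minted this way is rejected by any resource server that checks `aud`, so a token leaked from one resource server cannot be replayed against another.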