RFC 8707: Resource Indicators for OAuth 2.0

lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

https://authlib.org/

BSD 3-Clause "New" or "Revised" License

4.49k stars 448 forks source link

RFC 8707: Resource Indicators for OAuth 2.0 #524

Open azmeuk opened 1 year ago

azmeuk commented 1 year ago

The RFC8707 details how a client can indicate to the authorization server on which resource server(s) the token will be used. This allows the authorization server to adapt the token claims depending on which resource server(s) it is intended, like for instance the aud and scope claims.

I suggest implementing this spec in authlib.

@lepture what do you think? Would you have implementation suggestions to tackle this?

lepture commented 1 year ago

This should be implemented together with #427