Overview#
Resource Parameter is an
OPTIONAL parameter used in the
Access Token Request defined by
Resource Indicators for OAuth 2.0 and the value of the "resource" parameter indicates a
Resource Servers where the requested access token will be used.
Resource Parameter value MUST be an absolute URI, as specified by Section 4.3 of RFC 3986, and MUST NOT include a query or fragment component.
If the Authorization Server fails to parse the provided value or does not consider the Resource Server acceptable, the Authorization Server MUST reject the request and provide an OAuth Error response with the error code "invalid_resource".
Multiple "resource" parameters may be used to indicate that the issued token is intended to be used at multiple Resource Servers.
The Resource Parameter will be sent to the authorization_endpoint or the token_endpoint depending on the Grant Type used.
When an
Access Token will be returned from the
authorization_endpoint, and the Resource Parameter is used in the
Authorization Request to the
Authorization_endpoint as defined in Section 4.2.1 of OAuth 2.0
RFC 6749.
When the access token is returned from the
token_endpoint, the request parameter is included in the
Access Token Request to the
token_endpoint. Sections 4.1.1, 4.3.1, 4.4.2, 4.5 and 6 of OAuth 2.0
RFC 6749 define requests to the token endpoint with different grant types and others may be defined elsewhere.
There might be more information for this subject on one of the following: