Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support for resource indicators

See original GitHub issue

Back in 2017, issue #74 was closed because it was asking for adding support for parameters that were non-standard at the time. Fast forward to today, RFC 8707: Resource Indicators for OAuth 2.0 is a Proposed Standard, making the resource parameter somewhat safe thing to support.

Right now, one can work around it by passing a resource as an additional parameter to the token requests, e.g.:

var response = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = "https://fs.contoso.com/adfs/oauth2/token",
    ClientId = "client",
    ClientSecret = "secret",
    Scope = "scope1",
    Parameters =
    {
        ["resource"] = "https://api.contoso.com",
    },
});

The spec explicitly allows multiple resource values, something that isn’t possible with the custom dictionary right now: “Multiple ‘resource’ parameters MAY be used to indicate that the requested token is intended to be used at multiple resources.” By making the resource an explicit property of the token request, this could be supported as well.

Prominent servers that support, and somewhat even require, this resource parameter are AAD and AD FS, but I hear that other auth servers do have support for this as well. And since this is being standardized, it would make sense to adopt this functionality. I would offer my help in that case too.

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:6 (4 by maintainers)

Top GitHub Comments

2reactions

leastprivilegecommented, Jun 3, 2020

I added this for v5. For now there is a workaround.

thanks for reporting.

2reactions

leastprivilegecommented, May 5, 2020

Good idea. Will look into it.

Top Results From Across the Web

Indicators for a Resource Efficient and Green Asia and the ...

Resource efficiency indicators are a tool that aid policy makers in making informed decisions to support sustainable consumption and production (SCP) and ...

draft-ietf-oauth-resource-indicators-08

Resource Indicators for OAuth 2.0 (Internet-Draft, 2022) ... as an authorization server servicing a significant number of diverse resources, for the client ...

Resources Indicator

Resources Indicator. Introduction. the original mechanism on OAuth 2 framework for expressing authorizations is the scopes presented on the token by the subject ......

Indicator Resources

This list includes custom indicators and standard foreign assistance indicators, and is intended as a resource for selecting or developing ...

Resource Indicators for Sustainable Industries and ...

In this project, Ecologic Institute reviewed scientific knowledge in order to evaluate existing indicators and derive recommendations concerning their usability ...