Well it's clear there's a need for this because Karl submitted this in December as well:
https://datatracker.ietf.org/doc/draft-mcguinness-oauth-resource-token-resp/

There's also some discussion of it in this thread:
https://mailarchive.ietf.org/arch/msg/oauth/Y2PqRZNDrzAWw5PSbFElCHpy0CQ/

Aaron

On Sun, Mar 1, 2026 at 1:22 AM Filip Skokan <[email protected]> wrote:

> Hello everyone,
>
> I've submitted a new individual draft that proposes an update to RFC 8707
> ("Resource Indicators for OAuth 2.0"):
>
> *Resource Indicator Response Parameter for OAuth 2.0*
> <https://datatracker.ietf.org/doc/draft-skokan-oauth-resource-response/>
>
> RFC 8707 defines the resource request parameter for authorization and
> token requests, allowing a client to signal which protected resource(s) it
> wants an access token for. However, it doesn't define a way for the
> authorization server to communicate back which resource(s) the issued
> access token is actually for.
>
> *This draft fills that gap by defining the resource parameter for access
> token responses. It serves a similar role to the scope response parameter
> from RFC 6749, it lets the authorization server inform the client when the
> effective resource(s) differ from what was requested, such as when the
> server restricts the token to a subset of requested resources or applies a
> default resource policy, a case explicitly called out in RFC 8707 Section
> 2.2.*
>
> The draft is intentionally narrow in scope: it defines the response
> parameter, specifies when it's required vs. optional, and updates the IANA
> registration accordingly.
>
> Given that it's conditionally required I would prefer a full on
> 8707bis document (for which I have the source prepared as well) but figured
> to first discuss the parameter itself in isolation like this.
>
> Feedback is welcome. Thank you
>
> S pozdravem,
> *Filip Skokan*
>
> A new version of Internet-Draft draft-skokan-oauth-resource-response-01.txt
>> has been successfully submitted by Filip Skokan and posted to the
>> IETF repository.
>>
>> Name: draft-skokan-oauth-resource-response
>> Revision: 01
>> Title: Resource Indicator Response Parameter for OAuth 2.0
>> Date: 2026-03-01
>> Group: Individual Submission
>> Pages: 6
>> Status:
>> https://datatracker.ietf.org/doc/draft-skokan-oauth-resource-response/
>> HTML:
>> https://www.ietf.org/archive/id/draft-skokan-oauth-resource-response-01.html
>> HTMLized:
>> https://datatracker.ietf.org/doc/html/draft-skokan-oauth-resource-response
>>
>> Abstract:
>>
>> This document defines the resource parameter for OAuth 2.0 access
>> token responses, enabling an authorization server to indicate to the
>> client the resource(s) which an issued access token is for. It
>> updates "Resource Indicators for OAuth 2.0" (RFC 8707).
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
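As an added example (not part of the thread and not code from either draft), here is one way a client could act on the `resource` response parameter described in the quoted announcement, deciding which protected resources it will send the token to. The JSON shape (a string or an array of strings), the outcome names, the fallback when the parameter is absent, and the sample URLs are assumptions made for this sketch.

```python
# Added illustration; not code from the draft or from any OAuth library.
from __future__ import annotations


def effective_resources(token_response: dict) -> list[str] | None:
    """Resources named in the token response, or None if the parameter is absent.

    Assumption: the value is a single string or a non-empty array of strings.
    """
    value = token_response.get("resource")
    if value is None:
        return None
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and value and all(isinstance(v, str) for v in value):
        return list(value)
    raise ValueError("malformed resource parameter in token response")


def classify(requested: list[str], token_response: dict) -> tuple[str, list[str]]:
    """Compare requested resources with what the server says the token is for.

    Returns (outcome, usable); usable lists the resources this client is
    willing to present the access token to.
    """
    granted = effective_resources(token_response)
    if granted is None:
        # Server gave no information; this sketch falls back to the request.
        return ("unspecified", list(requested))
    if not requested:
        # Nothing was requested, so the server applied a default resource policy.
        return ("default_applied", granted)
    if any(r not in requested for r in granted):
        # Token is for something the client never asked for: do not use it blindly.
        return ("unexpected", [])
    if set(granted) == set(requested):
        return ("as_requested", granted)
    # Server restricted the token to a subset of the requested resources.
    return ("narrowed", granted)


# Constructed sample data for the demonstration.
REQUESTED = ["https://api.example.com/", "https://files.example.com/"]
RESPONSE = {"access_token": "constructed-token", "token_type": "Bearer",
            "resource": "https://api.example.com/"}

if __name__ == "__main__":
    print(classify(REQUESTED, RESPONSE))
```

Comparison here is exact string equality; a deployment that normalizes resource URIs would need to apply the same normalization on both sides before comparing.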
