Support RFC 8707

devops7 · July 14, 2021, 4:29pm

Feature: Support RFC 8707

Description: 3rd party binaries implementing the OAuth2 standard generally follow the RFCs and specs aggregated on Specs — OAuth. If RFC 8707 were implemented, the “resource” parameter could be used alternatively to or in lieu of the “audience” parameter of the token endpoint which would increase compatibility of those 3rd party binaries without costly patches and custom builds.

Use-case: Envoy Proxy implements the OAuth2 standard through a filter and its configuration allows a list of “resources” to be provided that are appended as individual “resource” query parameters to the token endpoint. (OAuth2 — envoy 1.26.0-dev-03192b documentation). If RFC 8707 were implemented, the publicly available builds of Envoy Proxy would be usable as a generalized, reverse proxy solution for web applications that includes authentication flow and token caching.

dan.woda · July 14, 2021, 5:36pm

Hi @devops7,

Welcome to the Auth0 Community!

I moved this to the Feature Request category for better visibility.

Thanks,
Dan

jan.nescivera · September 11, 2022, 3:17pm

i just spent an hour figuring out what is the difference between auth0’s audience and the standard resource parameter until I found this
it would be really nice to conform to the rfc8707 standard

Topic		Replies	Views
RFC8693 OAuth 2.0 Token Exchange Feedback api , oauth2	10	7483	September 27, 2024
RFC 7662 support Help	4	3264	October 7, 2021
Is RFC 8693 OAuth 2.0 Token Exchange coming? Help token , grant-types , oauth2	3	3521	October 29, 2020
RFC 8693 OAuth 2.0 Token Exchange Help oauth2	5	5933	February 22, 2020
Does Auth0 Support OAuth 2.0 Token Exchange (rfc8693)? Help	10	4073	December 2, 2020

Support RFC 8707

Related Topics