2.2.3.3.1 resource request parameter

 POST /token HTTP/1.1
 Host: server.example.com
 Content-Type: application/x-www-form-urlencoded
 grant_type={grant_type}&client_id={client_id}&redirect_uri={redirect_uri}&requested_token_use={requested_token_use}&assertion={assertion}&resource={resource}

OPTIONAL

The resource parameter is optional, and can be specified by the client role of the OAuth 2.0 Protocol Extensions in the POST body when making a request to the token endpoint (section 3.2.5.2).

When an OAuth 2.0 client makes an OAuth on-behalf-of request to the token endpoint (section 3.2.5.2), it provides the resource parameter to specify the resource secured by the AD FS server for which it requires an access token.

An OAuth 2.0 client can also provide the resource parameter when using a multi-resource refresh token to request an access token for a different resource than the one that was used when the refresh token was returned (see [RFC6749] section 6). The resource parameter can only be used with a refresh token if it is a multi-resource refresh token.

The value of the resource parameter corresponds to the identifier with which the resource, or relying party, is registered with the AD FS server by an administrator.

The AD FS server ignores this parameter unless its ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_2 or higher.

For an example of the resource request parameter being used, see section 4.7.

The format for the resource request parameter is as follows.

 String = *(%x20-7E)
 resource = String