1
votes

I am trying to implement an authentication module which I can reuse for different services. I have gone through some popular OAuth 2.0 implemented services. I did find some differences in some of the authentication calls. For example, Microsoft Dynamics adds an extra query parameter, resource=ABC, to the authorization code call. As a second example, Twitter sends 4-5 parameters while invoking their OAuth service.
My question: Are all these services OAuth 2.0 compliant? As in the case of Dynamics, the RFC never mentions a resource parameter.

1

1 Answer

1
votes

You are right: there is no mention of a resource parameter in the RFCs related to the OAuth2 Framework Protocol or the OpenID Connect Specification.

In fact, that parameter is part of an IETF draft: Resource Indicators for OAuth 2.0.

There are other ongoing specifications managed by the OAuth2 Working Group. Have a look at those documents; it may help you to understand why and how Microsoft, Twitter and other service providers use specific parameters.
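For a reusable module, one approach is to keep the RFC 6749 authorization-request parameters fixed and treat things like `resource` as per-provider extras that may never override a core parameter. This is an added example, not code from either post: the provider names, endpoints, client values and function names are hypothetical placeholders.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Authorization-request parameters defined by RFC 6749, section 4.1.1.
CORE_PARAMS = {"response_type", "client_id", "redirect_uri", "scope", "state"}

# Constructed provider profiles; endpoints and values are placeholders.
PROVIDERS = {
    "plain": {"authorize_url": "https://auth.example.com/authorize", "extra": {}},
    "with_resource": {
        "authorize_url": "https://login.example.net/oauth2/authorize",
        "extra": {"resource": "https://api.example.net"},
    },
}

def build_authorization_url(provider, client_id, redirect_uri, scope=None, state=None):
    """Return (url, state) for an authorization-code request to `provider`."""
    profile = PROVIDERS[provider]
    clash = CORE_PARAMS & profile["extra"].keys()
    if clash:
        # An extension must not silently replace state, redirect_uri, etc.
        raise ValueError(f"provider extras override core parameters: {sorted(clash)}")
    state = state or secrets.token_urlsafe(32)  # unguessable CSRF token
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if scope:
        params["scope"] = " ".join(scope)  # scope is a space-delimited list
    params.update(profile["extra"])
    return profile["authorize_url"] + "?" + urlencode(params), state

def check_callback(callback_url, expected_state):
    """Validate the redirect back to the client and return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [])
    # Exactly one state value, compared in constant time as bytes.
    if len(returned) != 1 or not secrets.compare_digest(
        returned[0].encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```
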