RFC 9728 introduces standardized OAuth 2.0 resource metadata, allowing protected resources to describe themselves via metadata, just like authorization servers can. This enables clients to discover the capabilities of a protected resource through a standardized metadata endpoint, improving integrations, security, and discovery. The metadata is a simple JSON document published at a `.well-known` URI, containing information such as supported token types, required scopes, and token introspection URLs. The spec adds quality-of-life improvements for clients, including easier integrations, better security, and dynamic discovery. It was finally published after nearly nine years of development, with the use case catching up with the spec over time.