Resource Indicators in OAuth 2.0: A guide to RFC 8707
Blog post from WorkOS
OAuth 2.0 is the central framework for modern authorization and is built around the issuance of access tokens. It is exposed to the confused deputy problem, where a token obtained for one resource server is replayed against another. RFC 8707 addresses this with resource indicators: the client names the resource server it intends to use in its request, and the authorization server binds the issued token to that audience and filters the granted scopes down to those the named resource understands. Binding tokens to an audience prevents cross-server misuse and removes scope ambiguity, which is what the principle of least privilege requires. Resource indicators are only effective when clients and servers use consistent URIs and every resource server validates the token's audience. The Model Context Protocol (MCP) benefits particularly, since AI agents there interact with many servers. Implementations such as WorkOS MCP Auth integrate these requirements so that OAuth deployments are secure and spec-compliant without building the infrastructure from scratch.
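The following is an added illustration of the RFC 8707 flow described above, not code from the post or from WorkOS: a minimal token endpoint that validates the `resource` parameter, returns the RFC 8707 `invalid_target` error for unknown targets, audience-binds the token and narrows its scopes, and a resource-server check that rejects a token minted for a different server. The resource registry, scope names and the plain-dict token standing in for a JWT are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed registry (assumption): which scopes each protected resource understands.
RESOURCE_SCOPES = {
    "https://calendar.example.com/": {"calendar.read", "calendar.write"},
    "https://mail.example.com/": {"mail.read"},
}

def valid_resource_indicator(uri: str) -> bool:
    """RFC 8707: the value must be an absolute URI without a fragment;
    a query component is discouraged, so this implementation rejects it too."""
    parts = urlsplit(uri)
    return bool(parts.scheme and parts.netloc) and not parts.fragment and not parts.query

def issue_token(client_scopes: set, resource: str) -> dict:
    """Token-endpoint behaviour for a request carrying one 'resource' parameter.

    Malformed or unregistered indicators get the RFC 8707 'invalid_target' error.
    Otherwise the token is bound to that audience and its scopes are narrowed to
    the intersection of what was requested and what the resource understands.
    The returned dict stands in for the claims of a real access token (constructed).
    """
    if not valid_resource_indicator(resource) or resource not in RESOURCE_SCOPES:
        return {"error": "invalid_target"}
    granted = client_scopes & RESOURCE_SCOPES[resource]
    if not granted:
        return {"error": "invalid_scope"}  # nothing requested applies to this resource
    return {"aud": resource, "scope": sorted(granted), "sub": "user-123"}

def accept_token(token: dict, my_identifier: str, needed_scope: str) -> bool:
    """Resource-server check: the audience must be exactly this server's identifier.

    A token minted for another server fails here, which is what stops the
    confused-deputy replay; only then is the required scope consulted.
    """
    if "error" in token or token.get("aud") != my_identifier:
        return False
    return needed_scope in token.get("scope", [])

def demo() -> dict:
    """Walk the flow: one broad grant, one audience-bound token, one replay attempt."""
    requested = {"calendar.read", "calendar.write", "mail.read"}
    cal_token = issue_token(requested, "https://calendar.example.com/")
    return {
        "cal_token": cal_token,
        "cal_accepts": accept_token(cal_token, "https://calendar.example.com/", "calendar.read"),
        "mail_rejects_replay": not accept_token(cal_token, "https://mail.example.com/", "mail.read"),
        "unknown_target": issue_token(requested, "https://unknown.example.com/"),
        "fragment_rejected": issue_token(requested, "https://calendar.example.com/#x"),
    }
```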