2.2.2.1 resource

 GET /authorize?response_type={response_type}&client_id={client_id}&state={state}&resource={resource}&client-request-id={ClientRequestId}&redirect_uri={redirect_uri} HTTP/1.1

OPTIONAL

The resource query parameter is OPTIONAL and MAY be specified by the client role of the OAuth 2.0 Protocol Extensions. When an OAuth 2.0 client requests authorization from an AD FS server (as specified in [RFC6749] sections 4.1 and 4.2), it MAY use the resource query parameter to specify the resource secured by the AD FS server for which it requires an authorization grant. The value of the resource query parameter corresponds to the identifier with which the resource, or relying party, is registered with the AD FS server by an administrator.

This parameter is REQUIRED when the AD FS server's ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_1, and OPTIONAL when the AD FS server's ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_2 or higher.

If the AD FS server's ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_2 or higher, and if the resource query parameter is not specified, the server issues an access token to the client that can be used to access the UserInfo endpoint ([OIDCCore] section 5.3), if such endpoint exists. The server supports the use of the returned access token at the UserInfo endpoint regardless of whether the client role also requests the "openid" scope.

For an example of the resource query parameter as it is being used, see section 4.1.

The format for the resource query parameter is as follows.

 String = *(%x20-7E)
 resource = String