Description
Problem Statement
Enterprises adopting autonomous AI agents built on frameworks like AutoGen are aiming to automate operations ranging from financial trading and insurance policy assessment to B2B supplier sourcing. However, without an authorization framework, these agents (clients) lack the ability to access protected resources (like Outlook emails, Teams chat, etc.) on behalf of the resource owner.
An authorization server can issue a JWT access token in response to any authorization grant defined by and subsequent extensions meant to result in an access token. If the request includes a "resource" parameter (as defined in ), the resulting JWT access token's "aud" claim has the same value as the "resource" parameter in the request.
Example:
Token request:
GET /as/authorization.oauth2?response_type=code
&client_id=s6BhdRkqt3
&state=xyz
&scope=openid%20profile%20reademail
&redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb
&resource=https%3A%2F%2Frs.example.com%2F HTTP/1.1
Host: authorization-server.example.com
Response
Header:
{"typ":"at+JWT","alg":"RS256","kid":"RjEwOwOA"}
Claims:
{
"iss": "https://authorization-server.example.com/",
"sub": "5ba552d67",
"aud": "https://rs.example.com/",
"exp": 1639528912,
"iat": 1618354090,
"jti": "dbe39bf3a3ba4238a513f51d6e1691c4",
"client_id": "s6BhdRkqt3",
"scope": "openid profile reademail"
}
Originally posted by @yogitasrivastava in #5921
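The issue text stops at the authorization server minting the token. What makes the "resource"/"aud" binding useful is the check on the other side: the resource server must refuse any access token whose "aud" does not name it, otherwise a token an agent obtained for one API can be replayed against another. The following is an added example, not code from the AutoGen project or from the issue author. It mints a token with the exact claims shown above and validates it the way an RFC 9068 resource server would (typ, alg, iss, aud, exp/iat, scope). Assumptions not in the original: HS256 with a constructed shared secret stands in for the page's RS256 because the Python standard library has no RSA; the claim checks are identical either way. The `now` argument, the `check_at` helper and the second resource identifier `https://other-rs.example.com/` are constructed for the demo.

```python
"""Resource-server validation of a JWT access token (RFC 9068 profile).

Added example, not code from the AutoGen project or the issue author.
Assumption: HS256 with a shared secret replaces the page's RS256 (no RSA in
the standard library); every claim check below is the same for either alg.
"""
import base64
import hashlib
import hmac
import json

# Constructed shared secret for the demo; a real AS signs with its RSA key.
SECRET = b"demo-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_access_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint a compact JWS shaped like the AS response on the page (typ=at+JWT)."""
    header = {"typ": "at+JWT", "alg": "HS256", "kid": "RjEwOwOA"}
    h_b64 = _b64url(json.dumps(header, separators=(",", ":")).encode())
    c_b64 = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{h_b64}.{c_b64}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{h_b64}.{c_b64}.{_b64url(sig)}"


def validate_access_token(token: str, *, expected_issuer: str, my_resource_id: str,
                          required_scope: str, now: int, secret: bytes = SECRET) -> dict:
    """Apply the checks a resource server performs on an at+JWT before serving a request.

    Returns the claims on success; raises ValueError naming the failed check.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    # 1. Signature first, so nothing below trusts unauthenticated bytes.
    expected_sig = hmac.new(secret, f"{h_b64}.{c_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h_b64))
    claims = json.loads(_b64url_decode(c_b64))
    # 2. Accept only tokens explicitly typed as access tokens (no ID-token confusion)
    #    and pin the algorithm instead of trusting whatever "alg" the token carries.
    if header.get("typ") != "at+JWT":
        raise ValueError("typ is not at+JWT")
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # 3. Issuer must be the authorization server this RS trusts.
    if claims.get("iss") != expected_issuer:
        raise ValueError("untrusted issuer")
    # 4. aud must name this resource server: this is what the resource parameter bought us.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if my_resource_id not in audiences:
        raise ValueError(f"aud {aud!r} does not include {my_resource_id}")
    # 5. Validity window.
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token expired or not yet valid")
    # 6. The scope the protected operation needs (here: reading mail).
    if required_scope not in claims.get("scope", "").split():
        raise ValueError(f"scope {required_scope} not granted")
    return claims


# The claims from the issue text, reused here as the constructed sample token body.
SAMPLE_CLAIMS = {
    "iss": "https://authorization-server.example.com/",
    "sub": "5ba552d67",
    "aud": "https://rs.example.com/",
    "exp": 1639528912,
    "iat": 1618354090,
    "jti": "dbe39bf3a3ba4238a513f51d6e1691c4",
    "client_id": "s6BhdRkqt3",
    "scope": "openid profile reademail",
}


def check_at(resource_id: str, now: int = 1639000000) -> str:
    """Present the sample token to the resource server identified by resource_id."""
    token = mint_access_token(SAMPLE_CLAIMS)
    try:
        validate_access_token(token, expected_issuer=SAMPLE_CLAIMS["iss"],
                              my_resource_id=resource_id, required_scope="reademail", now=now)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(check_at("https://rs.example.com/"))                   # the RS named in resource=
    print(check_at("https://other-rs.example.com/"))             # same token replayed elsewhere
    print(check_at("https://rs.example.com/", now=1700000000))   # presented after exp
```

The second call is the case the "resource" parameter exists to prevent: the token is perfectly valid, correctly signed and in date, but the audience check at the other resource server rejects it. An agent framework that holds tokens for several APIs should request a separate token per resource rather than one broad token, so a compromised or confused agent cannot turn a mail-reading token into access to something else.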