OAuth - Does Okta Support the "Resource" Parameter and Audience Switching
Mar 13, 2025
API Access Management
Okta Classic Engine
Okta Identity Engine
Overview
This article specifies whether Okta supports the resource parameter and Audience switching.
Applies To
- OAuth 2.0
- API Access Management
- Utilizing the
resourceparameter to swap Audience claims
Solution
With Okta's OAuth 2.0 implementation, the Audience (or aud claim) is determined by and will match the Audience set on the Authorization Server specifically.
This can only be set to a single value per Authorization Server, so to change it to a different audience, it will be necessary to use a different Authorization Server.
Okta does not support dynamic audience switching by toggling a resource claim, nor does it support the resource claim as a protected claim with this functionality (as discussed in RFC8707-Resource Indicators for OAuth 2.0).
