Description
We made the choice to require audience to be the Resource AS identifier and resource to be the protected resource for the Resource AS in this spec for interoperability. While this approach seems allowed from how the Token Exchange spec is written, it isn't obvious to some readers who are familiar with Token Exchange. We are effectively profiling audience as the trust domain identifier vs defining a new param. We don't need to change our decision but I think it may help to better state why we made this choice and provide some examples of multi-tenant resource authorization servers to help the reader understand how this profile is using audience and resource. Note that audience vs resource is a historically confusing problem across the specs.