The Model Context Protocol (MCP) specification requires the use of the standards-compliant resource parameter as defined in RFC 8707. Auth0’s Authentication API has historically used the audience parameter to specify a target resource server (API). This document outlines the new resource parameter and provides instructions for enabling the new compatibility profile.

Enabling Resource Parameter Compatibility Profile

To use the resource parameter in your access tokens, you need to enable the compatibility profile. The quickest way to enable it is through the Auth0 Dashboard:
  1. Navigate to Settings on the left sidebar.
  2. Click on Advanced on the top right corner.
  3. Scroll down to the Settings section, then find and enable the Resource Parameter Compatibility Profile toggle.

How it works

When the Resource Parameter Compatibility Profile is disabled, Auth0 keeps the existing behavior and uses only the audience parameter in the Auth0 access token.
[Figure: Audience in the access token]
Once the Resource Parameter Compatibility Profile is enabled, Auth0 will use the resource parameter if it is available to define the token’s audience.
[Figure: Resource in the access token]
If both resource and audience are present, audience is still used. Auth0 will not forward the resource parameter to upstream Identity Providers (IdPs); see Resource Parameter Forwarding to Upstream Identity Provider (IdP).

RFC 8707 requires the resource parameter to be an absolute URI. To conform with RFC 8707, we recommend defining your resource server identifiers (API identifiers) in URI format. Using an absolute URI as the identifier of your MCP Server is also a requirement of the MCP Authorization specification.

Supported flows

The resource parameter is supported in the following flows:
  • Standard Authorization Flow (/authorize)
  • Pushed Authorization Requests (PAR)
  • JWT-Secured Authorization Requests (JAR)
  • Client-Initiated Backchannel Authentication (CIBA)
  • Refresh Token Grant Type

Resource Parameter Forwarding to Upstream Identity Provider (IdP)

When federating to an upstream IdP, Auth0 provides a way for initiating clients to forward parameters. In the documentation, notice that resource is one of the parameters available for forwarding to upstream IdPs. To avoid leaking access token details, Auth0 will not forward the resource parameter to upstream IdPs while the Resource Parameter Compatibility Profile is enabled.
  • Resource Parameter Compatibility disabled (default behavior):
    • resource is available as an upstream IdP parameter.
  • Resource Parameter Compatibility enabled:
    • resource is not available as an upstream IdP parameter, and will not be forwarded.
If you need to pass the resource parameter to an upstream IdP, do not enable the Resource Parameter Compatibility Profile.
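
The parameter precedence from "How it works" and the forwarding rule above, written as a small pre-flight check. This is an added example, not Auth0 code: the function names, the upstream_needs_resource flag and the example.com identifiers are assumptions, and the no-fragment check comes from RFC 8707 itself rather than from this page.

```python
from urllib.parse import urlsplit

def is_absolute_uri(value):
    """RFC 8707 section 2: absolute URI (has a scheme) with no fragment."""
    parts = urlsplit(value)
    return bool(parts.scheme) and bool(parts.netloc or parts.path) and not parts.fragment

def resolve_audience(params, profile_enabled):
    """Return the request parameter that defines the token audience.

    None means neither parameter applies; what the tenant does then is
    outside this model.
    """
    if params.get("audience"):
        return params["audience"]      # audience is used whenever it is present
    if profile_enabled and params.get("resource"):
        return params["resource"]      # resource counts only with the profile on
    return None

def lint_request(params, profile_enabled, upstream_needs_resource=False):
    """Flag request/tenant combinations that will not behave as the caller expects."""
    findings = []
    resource = params.get("resource")
    if resource and not is_absolute_uri(resource):
        findings.append("resource is not an absolute URI (RFC 8707)")
    if resource and params.get("audience"):
        findings.append("audience and resource both set: audience is used")
    if resource and not profile_enabled and not params.get("audience"):
        findings.append("profile disabled: resource does not define the audience")
    if upstream_needs_resource and profile_enabled:
        findings.append("profile enabled: resource is not forwarded to the upstream IdP")
    return findings

# Constructed sample requests (hypothetical identifiers).
MCP = "https://mcp.example.com/mcp"
SAMPLES = [
    ({"resource": MCP}, True),
    ({"resource": MCP, "audience": "https://api.example.com/"}, True),
    ({"resource": MCP}, False),
    ({"resource": "my-mcp-server"}, True),
]

if __name__ == "__main__":
    for params, enabled in SAMPLES:
        print(enabled, params, "->", resolve_audience(params, enabled),
              lint_request(params, enabled))
```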