feat: resource parameter

cmd/authz/client.go

@@ -26,7 +26,6 @@ func ClientCredentialsCmd(imsConfig *ims.Config) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cmd.SilenceUsage = true
 
-
 			resp, err := imsConfig.AuthorizeClientCredentials()
 			if err != nil {
 				return fmt.Errorf("error in login service: %w", err)
@@ -40,6 +39,8 @@ func ClientCredentialsCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringVarP(&imsConfig.ClientSecret, "clientSecret", "p", "", "IMS client secret.")
 	cmd.Flags().StringSliceVarP(&imsConfig.Scopes, "scopes", "s", []string{}, "Scopes to request.")
 	cmd.Flags().StringVarP(&imsConfig.Organization, "organization", "o", "", "IMS Organization.")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	return cmd
 }

cmd/authz/pkce.go

@@ -42,6 +42,8 @@ func UserPkceCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringSliceVarP(&imsConfig.Scopes, "scopes", "s", []string{}, "Scopes to request.")
 	cmd.Flags().BoolVarP(&imsConfig.PublicClient, "public", "b", false, "Public client, ignore secret.")
 	cmd.Flags().IntVarP(&imsConfig.Port, "port", "l", 8888, "Local port to be used by the OAuth Client.")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	return cmd
 }

cmd/authz/service.go

@@ -25,7 +25,6 @@ func ServiceCmd(imsConfig *ims.Config) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cmd.SilenceUsage = true
 
-
 			resp, err := imsConfig.AuthorizeService()
 			if err != nil {
 				return fmt.Errorf("error in login service: %w", err)
@@ -38,6 +37,8 @@ func ServiceCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringVarP(&imsConfig.ClientID, "clientID", "c", "", "IMS client ID.")
 	cmd.Flags().StringVarP(&imsConfig.ClientSecret, "clientSecret", "p", "", "IMS client secret.")
 	cmd.Flags().StringVarP(&imsConfig.AuthorizationCode, "authorizationCode", "x", "", "Permanent authorization code.")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	return cmd
 }

cmd/authz/user.go

@@ -28,7 +28,6 @@ func UserCmd(imsConfig *ims.Config) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cmd.SilenceUsage = true
 
-
 			resp, err := imsConfig.AuthorizeUser()
 			if err != nil {
 				return fmt.Errorf("error in user authorization: %w", err)
@@ -43,6 +42,8 @@ func UserCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringVarP(&imsConfig.Organization, "organization", "o", "", "IMS Organization.")
 	cmd.Flags().StringSliceVarP(&imsConfig.Scopes, "scopes", "s", []string{}, "Scopes to request.")
 	cmd.Flags().IntVarP(&imsConfig.Port, "port", "l", 8888, "Local port to be used by the OAuth Client.")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	return cmd
 }

cmd/exchange.go

@@ -26,7 +26,6 @@ func exchangeCmd(imsConfig *ims.Config) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cmd.SilenceUsage = true
 
-
 			resp, err := imsConfig.ClusterExchange()
 			if err != nil {
 				return fmt.Errorf("error exchanging the access token: %w", err)
@@ -46,6 +45,8 @@ func exchangeCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringSliceVarP(&imsConfig.Scopes, "scopes", "s", []string{},
 		"Scopes to request in the new token. Subset of the scopes of the original token. Optional value, if no "+
 			"scopes are requested the same scopes of the original token will be provided")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	cmd.MarkFlagsMutuallyExclusive("organization", "userID")
 

cmd/obo_exchange.go

@@ -41,6 +41,8 @@ func oboExchangeCmd(imsConfig *ims.Config) *cobra.Command {
 	cmd.Flags().StringVarP(&imsConfig.AccessToken, "accessToken", "t", "", "User access token (subject token). Only access tokens are accepted.")
 	cmd.Flags().StringSliceVarP(&imsConfig.Scopes, "scopes", "s", nil,
 		"Optional scopes to request; if omitted, none are sent. When set, must stay within the client's configured scope boundary.")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	return cmd
 }

cmd/refresh.go

@@ -27,7 +27,6 @@ func refreshCmd(imsConfig *ims.Config) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			cmd.SilenceUsage = true
 
-
 			resp, err := imsConfig.Refresh()
 			if err != nil {
 				return fmt.Errorf("error during the token refresh: %w", err)
@@ -56,6 +55,8 @@ func refreshCmd(imsConfig *ims.Config) *cobra.Command {
 		"Scopes to request in the new token. Subset of the scopes of the original token. Optional value, if no "+
 			"scopes are requested the same scopes of the original token will be provided.")
 	cmd.Flags().BoolVarP(&imsConfig.FullOutput, "fullOutput", "F", false, "Output a JSON with access and refresh tokens.")
+	cmd.Flags().StringSliceVarP(&imsConfig.Resource, "resource", "r", nil,
+		"RFC 8707 resource indicator URI(s) for audience-restricted tokens.")
 
 	return cmd
 }

ims/authz_client.go

@@ -51,6 +51,7 @@ func (i Config) AuthorizeClientCredentials() (string, error) {
 		Scope:        i.Scopes,
 		GrantType:    "client_credentials",
 		OrgID:        i.Organization,
+		Resource:     i.Resource,
 	})
 	if err != nil {
 		return "", fmt.Errorf("error requesting token: %w", err)

ims/authz_service.go

@@ -49,6 +49,7 @@ func (i Config) AuthorizeService() (string, error) {
 		ClientID:     i.ClientID,
 		ClientSecret: i.ClientSecret,
 		Code:         i.AuthorizationCode,
+		Resource:     i.Resource,
 	})
 	if err != nil {
 		return "", fmt.Errorf("error requesting token: %w", err)

ims/authz_user.go

@@ -91,6 +91,7 @@ func (i Config) authorizeUser(pkce bool) (string, error) {
 		ClientSecret: i.ClientSecret,
 		Scope:        i.Scopes,
 		UsePKCE:      pkce,
+		Resource:     i.Resource,
 		RedirectURI:  fmt.Sprintf("http://localhost:%d", i.Port),
 		OnError: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			_, _ = fmt.Fprintln(w, `

ims/config.go

@@ -53,7 +53,8 @@ type Config struct {
 	AuthSrc               string
 	DecodeFulfillableData bool
 	ClientName            string
-	RedirectURIs []string
+	RedirectURIs          []string
+	Resource              []string
 }
 
 // TokenInfo holds the response data from token-related IMS API calls.

ims/exchange.go

@@ -56,6 +56,7 @@ func (i Config) ClusterExchange() (TokenInfo, error) {
 		UserID:       i.UserID,
 		OrgID:        i.Organization,
 		Scopes:       i.Scopes,
+		Resource:     i.Resource,
 	})
 	if err != nil {
 		return TokenInfo{}, fmt.Errorf("error during the cluster exchange: %w", err)

ims/obo_exchange.go

@@ -56,6 +56,7 @@ func (i Config) OBOExchange() (TokenInfo, error) {
 		ClientSecret: i.ClientSecret,
 		SubjectToken: i.AccessToken,
 		Scopes:       i.Scopes,
+		Resource:     i.Resource,
 	})
 	if err != nil {
 		return TokenInfo{}, fmt.Errorf("error during the On-Behalf-Of exchange: %w", err)

ims/refresh.go

@@ -50,6 +50,7 @@ func (i Config) Refresh() (RefreshInfo, error) {
 		ClientSecret: i.ClientSecret,
 		RefreshToken: i.RefreshToken,
 		Scope:        i.Scopes,
+		Resource:     i.Resource,
 	})
 	if err != nil {
 		return RefreshInfo{}, fmt.Errorf("error during the token refresh: %w", err)