Description
Is your feature request related to a problem? Please describe.
Since a single MCP client may be handling the OAuth flow for several MCP servers, it is important that the authorization server knows where the generated access token will be used. A safety-conscious MCP server could then verify that the access token generated is meant for it specifically (typically done via the aud claim in a JWT).
Describe the solution you'd like
As RFC 8707 states, passing a resource query parameter when initiating the OAuth authorization flow allows the authentication server to determine where the generated access token will be used.
Describe alternatives you've considered
N/A
Additional context
I understand that this is part of the draft spec and may still be a work in progress, but I wasn't able to find any other issues or pull requests on this subject.
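The request above, sketched as an added example that is not part of the original issue or of any MCP SDK: the client binds the authorization request to one MCP server with the RFC 8707 `resource` parameter, and that server accepts a token only if its `aud` claim names it. The function names, endpoints and URIs are hypothetical, and the claims are assumed to come from a JWT whose signature, issuer and expiry were already verified.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample values, not taken from the issue.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"
MCP_SERVER_A = "https://mcp-a.example.com/mcp"


def canonical_resource(uri: str) -> str:
    """RFC 8707: `resource` is an absolute URI and carries no fragment."""
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"resource must be an absolute URI: {uri!r}")
    if "#" in uri:
        raise ValueError("resource must not contain a fragment")
    return uri


def build_authorization_url(client_id, redirect_uri, state, resource):
    """Client side: tell the authorization server which MCP server the
    token is for. PKCE parameters are omitted to keep the example short."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "resource": canonical_resource(resource),
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def audience_matches(claims: dict, my_resource: str) -> bool:
    """Server side: accept only tokens whose `aud` names this server.
    `aud` may be a single string or a list of strings (RFC 7519)."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list):
        audiences = [a for a in aud if isinstance(a, str)]
    else:
        audiences = []  # missing or malformed aud: reject
    return my_resource in audiences


if __name__ == "__main__":
    print(build_authorization_url("client-123", "http://localhost:8080/cb",
                                  "xyz", MCP_SERVER_A))
    print(audience_matches({"aud": MCP_SERVER_A}, MCP_SERVER_A))
```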