What is the Resource parameter in Windows Azure AD tenant application oAuth 2.0 specification

Resource parameter depicts the identifier of the WebAPI that your client wants to access on behalf of the user. Most flows in OAuth involve 4 parties, the resource owner (aka user), the client (aka app), the authority (aka identity provider) and the resource (aka webapi). The audience of the access token that the authority generates is the resource identifier.

In the case of Azure AD you can either use the Client ID or the App ID URI of the resource WebAPI (Find them in the configure tab of the Azure AD application in the Azure Management portal). For instance, if I want my client to get a token to access the Azure AD Graph API on behalf of the user, I would request for a token for resource "https://graph.windows.net". In your example, the resource parameter value identifies the Azure Service Management APIs.

Here are some code samples of Client Apps using Azure AD SDKs to request for tokens to WebAPIs - different usages of the resource parameter:

• Mobile apps calling WebAPI: http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx#BKMK_Native
• Web apps calling WebAPI: http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx#BKMK_AppToAPI
• Clients calling Graph API: http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx#BKMK_Graph

Hope this helps.

In simple words resource parameter contain the URI of the Web API resource, you want to access.

OAuth protocol follows the Token based access to the resources. Parameter "resource" helps to distinguish between tokens for different WEB API.

For example if you want to access GRAPH API- then resource will be- "https://graph.windows.net/"

If you want to access AZURE, The resource parameter must specified as- "http://management.azure.com".

It is recommended to use this parameter, Although it is not compulsory.