add resource parameter when building authorization url

as specified in https://www.rfc-editor.org/rfc/rfc9068.html#name-data-structure

Author: itsuki

src/client/auth.test.ts

@@ -320,6 +320,7 @@ describe("OAuth Authorization", () => {
 
     it("generates authorization URL with PKCE challenge", async () => {
       const { authorizationUrl, codeVerifier } = await startAuthorization(
+        "https://resource.example.com",
         "https://auth.example.com",
         {
           clientInformation: validClientInfo,
@@ -338,11 +339,13 @@ describe("OAuth Authorization", () => {
       expect(authorizationUrl.searchParams.get("redirect_uri")).toBe(
         "http://localhost:3000/callback"
       );
+      expect(authorizationUrl.searchParams.get("resource")).toBe("https://resource.example.com");
       expect(codeVerifier).toBe("test_verifier");
     });
 
     it("uses metadata authorization_endpoint when provided", async () => {
       const { authorizationUrl } = await startAuthorization(
+        "https://resource.example.com",
         "https://auth.example.com",
         {
           metadata: validMetadata,
@@ -363,7 +366,7 @@ describe("OAuth Authorization", () => {
       };
 
       await expect(
-        startAuthorization("https://auth.example.com", {
+        startAuthorization( "https://resource.example.com", "https://auth.example.com",{
           metadata,
           clientInformation: validClientInfo,
           redirectUrl: "http://localhost:3000/callback",
@@ -379,7 +382,7 @@ describe("OAuth Authorization", () => {
       };
 
       await expect(
-        startAuthorization("https://auth.example.com", {
+        startAuthorization( "https://resource.example.com", "https://auth.example.com",  {
           metadata,
           clientInformation: validClientInfo,
           redirectUrl: "http://localhost:3000/callback",

src/client/auth.ts

@@ -157,7 +157,7 @@ export async function auth(
   }
 
   // Start new authorization flow
-  const { authorizationUrl, codeVerifier } = await startAuthorization(authorizationServerUrl, {
+  const { authorizationUrl, codeVerifier } = await startAuthorization(resourceServerUrl, authorizationServerUrl, {
     metadata,
     clientInformation,
     redirectUrl: provider.redirectUrl
@@ -288,6 +288,7 @@ export async function discoverOAuthMetadata(
  * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
  */
 export async function startAuthorization(
+  resourceServerUrl: string | URL,
   authorizationServerUrl: string | URL,
   {
     metadata,
@@ -337,6 +338,7 @@ export async function startAuthorization(
     codeChallengeMethod,
   );
   authorizationUrl.searchParams.set("redirect_uri", String(redirectUrl));
+  authorizationUrl.searchParams.set("resource", String(resourceServerUrl));
 
   return { authorizationUrl, codeVerifier };
 }