diff --git a/docs/toolhive/guides-cli/run-mcp-servers.mdx b/docs/toolhive/guides-cli/run-mcp-servers.mdx index 0f1875a..4e2bce9 100644 --- a/docs/toolhive/guides-cli/run-mcp-servers.mdx +++ b/docs/toolhive/guides-cli/run-mcp-servers.mdx @@ -728,6 +728,30 @@ thv run https://api.example.com/mcp \ --remote-auth-scopes read,write,admin ``` +#### Resource indicator (RFC 8707) + +When authenticating to remote MCP servers, you can specify a resource indicator +as defined by [RFC 8707](https://datatracker.ietf.org/doc/html/rfc8707). This +allows the authorization server to return an access token with a scoped +audience, which will then be passed to and validated by the remote MCP server. + +By default, ToolHive automatically uses the remote server URL as the resource +indicator when authenticating. The URL is validated, normalized (lowercase +scheme and host, fragments stripped), and included in the OAuth token request. + +To explicitly set a different resource indicator, use the +`--remote-auth-resource` flag: + +```bash +thv run https://api.example.com/mcp \ + ... \ + --remote-auth-resource https://api.example.com +``` + +The resource parameter must include a scheme and host, and cannot contain +fragments. If you provide an invalid resource parameter, ToolHive will return an +error. + #### Custom authentication timeout Adjust the authentication timeout for slow networks:
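Review bot: The two paragraphs about validation describe fragment handling differently. The default-behaviour paragraph says fragments are "stripped" during normalization, while the closing paragraph says the resource parameter "cannot contain fragments" and an invalid value returns an error. Please state explicitly that the derived default is normalized while a value passed to `--remote-auth-resource` is validated and rejected, if that is the intended distinction. It would also help to say whether the default keeps the path of the server URL (`/mcp` in the example), since the flag example passes `https://api.example.com` with no path and a reader cannot tell how that differs from the default audience. A sentence on when to override (for instance, when the authorization server expects an audience other than the MCP endpoint URL) would make the example self-explanatory. Minor: the `... \` line in the bash block makes the command non-copyable; consider showing the actual preceding flag or a comment instead.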