Use this endpoint to initiate pushed authorization request

post https://{pointofcontact}/oauth2/par

Pushed authorization request (PAR) enables an OAuth client to push the payload of an
authorization request directly to the authorization server. A request URI value is
received in exchange; it is used as reference to the authorization request payload data
in a subsequent call to the authorization endpoint via the user agent.

Form Data

request

string

Request object, signed and/or encrypted JWT.
When used, it may contain all the properties below. Besides parameters
used by client authentication, all the other parameters should be inside
the request object.

response_type

string

OAuth 2.0 response_type value that determines the
authorization processing flow to be used

response_mode

string

Mechanism to be used for returning parameters from the Authorization Endpoint

redirect_uri

string

Redirection URI to which the response will be sent. This URI MUST
exactly match one of the Redirection URI values for the Client
pre-registered at the OIDC Provider

acr_values

string

A space-separated string that specifies the requested Authentication Context
Class Reference values, with the values appearing in order of preference.

state

string

Opaque value used to maintain state between the request and the callback.

nonce

string

Value used to associate a Client session with an ID Token to mitigate replay attacks

prompt

string

Space-delimited string that specifies whether the Authorization Server
prompts the End-User for reauthentication and consent.

max_age

number

Maximum Authentication Age. Specifies the allowable elapsed time in seconds
since the last time the End-User was actively authenticated by the OIDC Provider.
If the elapsed time is greater than this value, the OIDC Provider MUST attempt to
actively re-authenticate the End-User.

code_challenge

string

Code challenge used as proof for code exchange

code_challenge_method

string

Method used to calculate the code challenge

scope

string

Space-delimited string indicating the OAuth 2.0 scope requested.
OpenID Connect requests MUST contain the openid scope value.

claims

string

JSON string that contains individual claims requested.

login_hint

string

Hint to the Authorization Server about the login identifier the End-User might
use to log in (if necessary)

client_id

string

OAuth2.0 client identifier. Required when the client authentication method is using
"client_secret_post" or "tls_client_auth". It is optional when using "private_key_jwt"
client authentication; when specified it MUST match the "client_assertion" subject.

client_secret

string

OAuth2.0 client secret. May be specified when using "client_secret_post" client
authentication method.

client_assertion

string

The "private_key_jwt" assertion being used to authenticate the client.

client_assertion_type

string

Type of the client assertion.

Headers

x-client-certificate

string

MTLS Client Certificate

Response

200Pushed authorization response