Pushed Authorization Requests (PAR).post https://{tenanturl}/oauth2/parUse this API to initiate the authorization flow using the OAuth 2.0 Pushed Authorization Requests specification.Form Dataresponse_typestringA space-delimited list of response types. Valid response types are: code, token, id_token.response_modestringenumThe response mode. It defaults to query for the authorization_code flow, and to fragment for the implicit or hybrid flow.queryfragmentform_postquery.jwtfragment.jwtform_post.jwtAllowed:queryfragmentform_postquery.jwtfragment.jwtform_post.jwtredirect_uristringThe redirect URI.statestringThe state. An opaque value that is used to maintain the state between the request and the callback. Minimum length is 8 characters.noncestringNonce. The string value that is used to associate a client session with an ID Token to mitigate replay attacks. This attribute is required when the response type includes id_token. Minimum length is 8 characters.promptstringenumWhether the user is prompted for reauthentication. When the value is "login", the user is reauthenticated. When the value is "none", the user is not be prompted for authentication.noneloginAllowed:noneloginmax_agestringMaximum authentication age. Specifies the allowable elapsed time, in seconds, since the last time the user was authenticated.code_challengestringCode challenge. Required if the OIDC client is configured to require proof key for code exchange (PKCE).code_challenge_methodstringenumCode challenge method for PKCE. Defaults to plain if not specified.plainS256Allowed:plainS256scopestringA space-delimited list of scopes that are associated with this authorization request.claimsstringThe JSON that contains the claims for id_token or userinfo endpoint.login_hintstringLogin hint. Value to use when prompting the user for login. Optional for OIDC request. This value is the username as a string (e.g. [email protected]), or a JSON (e.g. {"realm":"cloudIdentityRealm","username":"[email protected]"}). When using a JSON value, the realm represents the identity source realm.requeststringThe request object in the form of a signed JWT. This can be used as an alternative to sending the individual properties in the form.request_uristringThe URI referencing the request object.client_idstringThe OIDC client ID that is required when the basic authorization header is not set.client_secretstringThe OIDC client secret that is required when the basic authorization header is not set and the client is not a public client.client_assertionstringThe JWT assertion being used to authenticate the client.client_assertion_typestringenumThe format of client assertion.urn:ietf:params:oauth:client-assertion-type:jwt-bearerAllowed:urn:ietf:params:oauth:client-assertion-type:jwt-bearerHeadersAuthorizationstringThe basic authorization header that contains a base64-encoded client ID and the client secret. Use this header as an alternative to sending the client ID and secret in the form parameters.Responses 201The request was successful. 400The request was invalid. 401The client could not be authorised.Updated over 2 years ago
