Pushed Authorization Requests (PAR).

post

https://{tenanturl}/oauth2/par

Use this API to initiate the authorization flow using the OAuth 2.0 Pushed Authorization Requests specification.

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Form Data

The request payload for /authorize and /par endpoints.

response_type

string

A space-delimited list of response types. Valid response types are: code, token, id_token.

response_mode

string

enum

The response mode. It defaults to query for the authorization_code flow, and to fragment for the implicit or hybrid flow.

Allowed:

redirect_uri

string

The redirect URI.

state

string

The state. An opaque value that is used to maintain the state between the request and the callback. Minimum length is 8 characters.

nonce

string

Nonce. The string value that is used to associate a client session with an ID Token to mitigate replay attacks. This attribute is required when the response type includes id_token. Minimum length is 8 characters.

prompt

string

enum

Whether the user is prompted for reauthentication. When the value is "login", the user is reauthenticated. When the value is "none", the user is not be prompted for authentication.

Allowed:

max_age

string

Maximum authentication age. Specifies the allowable elapsed time, in seconds, since the last time the user was authenticated.

code_challenge

string

Code challenge. Required if the OIDC client is configured to require proof key for code exchange (PKCE).

code_challenge_method

string

enum

Code challenge method for PKCE. Defaults to plain if not specified.

Allowed:

scope

string

A space-delimited list of scopes that are associated with this authorization request.

claims

string

The JSON that contains the claims for id_token or userinfo endpoint.

login_hint

string

Login hint. Value to use when prompting the user for login. Optional for OIDC request. This value is the username as a string (e.g. [email protected]), or a JSON (e.g. {"realm":"cloudIdentityRealm","username":"[email protected]"}). When using a JSON value, the realm represents the identity source realm.

request

string

The request object in the form of a signed JWT. This can be used as an alternative to sending the individual properties in the form.

request_uri

string

The URI referencing the request object.

client_id

string

The OIDC client ID that is required when the basic authorization header is not set.

client_secret

string

The OIDC client secret that is required when the basic authorization header is not set and the client is not a public client.

client_assertion

string

The JWT assertion being used to authenticate the client.

client_assertion_type

string

enum

The format of client assertion.

Allowed:

Headers

Authorization

string

The basic authorization header that contains a base64-encoded client ID and the client secret. Use this header as an alternative to sending the client ID and secret in the form parameters.

Responses

Language

URL

Loading…

Response

Choose an example:

application/json

201The request was successful.

400The request was invalid.

401The client could not be authorised.