Skip to content
oidc-provider
Search limited to v8.x. Switch to the latest version for up-to-date results.

features.pushedAuthorizationRequests

This content is for v8.x. Switch to the latest version for up-to-date documentation.

RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)

Enables the use of pushed_authorization_request_endpoint defined by the Pushed Authorization Requests RFC.

default value:

{
  allowUnregisteredRedirectUris: false,
  enabled: true,
  requirePushedAuthorizationRequests: false
}
(Click to expand) features.pushedAuthorizationRequests options details

allowUnregisteredRedirectUris

Section titled “allowUnregisteredRedirectUris”

Allows unregistered redirect_uri values to be used by authenticated clients using PAR that do not use a sector_identifier_uri.

default value:

false

requirePushedAuthorizationRequests

Section titled “requirePushedAuthorizationRequests”

Makes the use of PAR required for all authorization requests as an authorization server policy.

default value:

false