Configure Pushed Authorization Requests (PAR)
The Auth0 Pushed Authorization Requests (PAR) implementation is based on the OAuth RFC 9126: Pushed Authorization Requests specification. For more information, see Authorization Code Flow with Pushed Authorization Requests.
By default, PAR is not required by the authorization server. As a result, you can send authorization requests to either the PAR endpoint or the /authorize endpoint. However, to fully secure your authorization flow, set PAR as required for a particular application via Application Settings on the Auth0 Dashboard.
Set PAR for an application
Navigate to Auth0 Dashboard > Applications.
Select the application.
Select the Application Settings tab.
Under Advanced Settings, select the OAuth tab.
Enable the toggle Require Push Authorization Requests.
Alternatively, set the same option through the Management API:
curl -X PATCH --location 'https://TENANT.auth0.com/api/v2/clients/CLIENT_ID' \
--header 'Authorization: Bearer MANAGEMENT_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"require_pushed_authorization_requests": true
}'
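An added example, not part of the Auth0 documentation: because PAR is optional by default, this Python script checks a client list for applications that do not enforce PAR and builds, for each one, the same PATCH request as the curl command above. The sample client list, its client IDs, the shape of the PATCH response, and the function names are assumptions made for illustration.

```python
import json
from urllib.parse import quote
from urllib.request import Request

# Property name taken from the PATCH body in the curl command above.
FLAG = "require_pushed_authorization_requests"

# Constructed sample client list (not real tenant data). The third entry omits
# the flag, to show that a missing value is treated as not enforced.
SAMPLE_CLIENTS = json.loads("""[
  {"client_id": "app-web-001", "name": "Web portal", "require_pushed_authorization_requests": true},
  {"client_id": "app-spa-002", "name": "Legacy SPA", "require_pushed_authorization_requests": false},
  {"client_id": "app-mob-003", "name": "Mobile app"}
]""")


def clients_without_par(clients):
    """Return clients that do not enforce PAR; absent counts as not enforced,
    because PAR is not required by default."""
    return [c for c in clients if c.get(FLAG) is not True]


def build_patch(tenant_domain, client_id, token):
    """Build, without sending, the request the curl command above issues."""
    return Request(
        url=f"https://{tenant_domain}/api/v2/clients/{quote(client_id, safe='')}",
        data=json.dumps({FLAG: True}).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def patch_took_effect(response_body):
    """Check a PATCH response body (assumed to be the updated client as JSON)."""
    return json.loads(response_body).get(FLAG) is True


if __name__ == "__main__":
    for client in clients_without_par(SAMPLE_CLIENTS):
        req = build_patch("TENANT.auth0.com", client["client_id"], "MANAGEMENT_ACCESS_TOKEN")
        print(f"{client['name']}: {req.get_method()} {req.full_url}")
```

Pass the built request to urllib.request.urlopen to apply it, then feed the response body to patch_took_effect to confirm the setting was stored.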