Configure Pushed Authorization Requests (PAR)

The Auth0 Push Authorization Request (PAR) implementation is based on the OAuth RFC0126: Push Authorization Request specification. For more information, see Authorization Code Flow with Pushed Authorization Requests.

By default, PAR is not required by the authorization server. As a result, you can send authorization requests to the PAR endpoint and the /authorize endpoint. However, to fully secure your authorization flow, set PAR as required for a particular application via Application Settings on the Auth0 Dashboard.

Set PAR for an application

  1. Navigate to Auth0 Dashboard > Applications.

  2. Select the application.

  3. Select Application Settings tab.

  4. Under Advanced Settings, select the OAuth tab.

  5. Enable the toggle Require Push Authorization Requests.

Set application-level PAR with Auth0 Dashboard

Learn more