Configure Pushed Authorization Requests (PAR)
Highly Regulated Identity is available in Limited Early Access. Contact Auth0 Support to request access.
The Auth0 Push Authorization Request (PAR) implementation is based on the OAuth RFC0126: Push Authorization Request specification. For more information, see Authorization Code Flow with Pushed Authorization Requests.
By default, PAR is not required by the authorization server. As a result, you can send authorization requests to the PAR endpoint and the /authorize endpoint. However, to fully secure your authorization flow, set PAR as required for a particular application via Application Settings on the Auth0 Dashboard.
Set PAR for an application
Navigate to Auth0 Dashboard > Applications.
Select the application.
Select Application Settings tab.
Under Advanced Settings, select the OAuth tab.
Enable the toggle Require Push Authorization Requests.
curl -X PATCH --location 'https://TENANT.auth0.com/api/v2/clients/CLIENT_ID' \
--header 'Authorization: Bearer MANAGEMENT_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"require_pushed_authorization_requests": true
}'Was this helpful?