Configure Pushed Authorization Requests (PAR)

The Auth0 Push Authorization Request (PAR) implementation is based on the OAuth RFC0126: Push Authorization Request specification. For more information, see Authorization Code Flow with Pushed Authorization Requests.

By default, PAR is not required by the authorization server. As a result, you can send authorization requests to the PAR endpoint and the /authorize endpoint. However, to fully secure your authorization flow, set PAR as required for an application and/or a tenant via the Management API or Application Settings on the Auth0 Dashboard.

Set PAR for an application

  1. Navigate to Auth0 Dashboard > Applications.

  2. Select the application.

  3. Select the Application Settings tab.

  4. In the Authorization Requests section, enable the toggle Require Pushed Authorization Requests (PAR).

Set application-level PAR with Auth0 Dashboard

Set PAR for a tenant

To set PAR for a tenant, use the Auth0 Dashboard.

1. Navigate to Auth0 Dashboard > Settings > Advanced.

2. Scroll down to Settings and toggle on Allow Pushed Authorization Requests (PAR).

Auth0 Dashboard > Settings > Advanced > Allow mTLS endpoint aliases

Learn more