Authorization Code Flow with PAR and JAR

Use Pushed Authorization Requests (PAR) and JWT-Secured Authorization Requests (JAR) together to raise the security level of the authorization flow. Whereas PAR provides clients with confidentiality and integrity protection for authorization requests, JAR provides non-repudiation protection.

How to use PAR and JAR together

To use PAR and JAR together, generate the JAR request and, instead of calling the /authorize endpoint, post the request to the PAR endpoint. Then, the PAR endpoint returns a request_uri that you can use to call the /authorize endpoint as in a regular PAR flow.

The following cURL request uses PAR and JAR together:

curl --location 'https://your_tenant.auth0.com/oauth/par' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=[YOUR CLIENT ID]' \
--data-urlencode 'client_secret=[YOUR CLIENT SECRET]' \
--data-urlencode 'request=[JWT]'
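
The steps above as an added Node.js example (not Auth0's own code): it signs a request object, builds the PAR form body used in the cURL request, and forms the /authorize redirect, without making any network call. The key pair, client values, claim set (chosen to follow RFC 9101) and the request_uri value are constructed assumptions.

```javascript
// Added example: key material, client values and claims are constructed for illustration.
const crypto = require('node:crypto');

const TENANT = 'https://your_tenant.auth0.com';   // placeholder host from the cURL request
const b64url = (v) => Buffer.from(v).toString('base64url');

// Build and sign the JAR request object (RS256) that carries the authorization parameters.
function buildRequestObject(clientId, params, privateKey, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'oauth-authz-req+jwt' };
  const claims = {
    ...params,                                     // caller parameters cannot override the claims below
    iss: clientId, aud: `${TENANT}/`, client_id: clientId,
    iat: now, exp: now + 60,                       // short lifetime limits replay
    jti: crypto.randomUUID(),                      // unique id per request object
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Receiving side: check the signature and algorithm before trusting any parameter.
function verifyRequestObject(jwt, publicKey) {
  const [h, p, s] = jwt.split('.');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// Form body for POST /oauth/par: the same three fields as the cURL request.
function parBody(clientId, clientSecret, jwt) {
  return new URLSearchParams({ client_id: clientId, client_secret: clientSecret, request: jwt }).toString();
}

// Redirect after PAR: only client_id and the returned request_uri travel in the URL.
function authorizeUrl(clientId, requestUri) {
  return `${TENANT}/authorize?${new URLSearchParams({ client_id: clientId, request_uri: requestUri })}`;
}

// Constructed demo values (a real client signs with its registered private key).
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const jar = buildRequestObject('demo-client', {
  response_type: 'code', redirect_uri: 'https://app.example/callback', scope: 'openid', state: 'xyz',
}, privateKey);
console.log(parBody('demo-client', 'demo-secret', jar));
console.log(authorizeUrl('demo-client', 'urn:ietf:params:oauth:request_uri:EXAMPLE'));
```

Because the authorization parameters sit inside the signed JWT and the browser only ever sees the request_uri, a modified redirect_uri or scope fails signature verification instead of reaching the authorization logic.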
