Create a pushed authorization request.
POST
/par
Code sample: Shell / cURL
curl --request POST \ --url https://auth.example.com/par \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data client_id=client_123 \ --data redirect_uri=https://app.example.com/callback \ --data response_type=code \ --data 'scope=openid profile email' \ --data code_challenge=rfc7636-code-challenge \ --data code_challenge_method=S256Stores OAuth/OIDC authorization parameters and returns a request_uri per RFC 9126.
Request Body
Section titled “Request Body ” Media type application/x-www-form-urlencoded
object
client_id
required
string
redirect_uri
required
string format: uri
response_type
required
string
scope
string
state
string
code_challenge
string
code_challenge_method
string
nonce
string
request
Signed request object JWT.
string
Example
client_id=client_123&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback&response_type=code&scope=openid+profile+email&code_challenge=rfc7636-code-challenge&code_challenge_method=S256Responses
Section titled “ Responses ”Successful JSON response.
Media type application/json
object
request_uri
required
string
expires_in
required
integer
Example
{ "request_uri": "urn:ietf:params:oauth:request_uri:par_123", "expires_in": 90}Error response.
Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal
Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.
object
unknown_credential
boolean
key
additional properties
Example generated
{ "error": "example", "error_description": "example", "message": "example", "webauthn_signal": { "unknown_credential": true }}