コンテンツにスキップ

Create a pushed authorization request.

POST
/par
Code sample: Shell / cURL
curl --request POST \
--url https://auth.example.com/par \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=client_123 \
--data redirect_uri=https://app.example.com/callback \
--data response_type=code \
--data 'scope=openid profile email' \
--data code_challenge=rfc7636-code-challenge \
--data code_challenge_method=S256

Stores OAuth/OIDC authorization parameters and returns a request_uri per RFC 9126.

Media type application/x-www-form-urlencoded
object
client_id
required
string
redirect_uri
required
string format: uri
response_type
required
string
scope
string
state
string
code_challenge
string
code_challenge_method
string
nonce
string
request

Signed request object JWT.

string
Example
client_id=client_123&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback&response_type=code&scope=openid+profile+email&code_challenge=rfc7636-code-challenge&code_challenge_method=S256

Successful JSON response.

Media type application/json
object
request_uri
required
string
expires_in
required
integer
Example
{
"request_uri": "urn:ietf:params:oauth:request_uri:par_123",
"expires_in": 90
}

Error response.

Media type application/json
object
error
string
error_description
string
message
string
webauthn_signal

Optional browser-side WebAuthn Signal API hint. When unknown_credential is true, clients that just received a WebAuthn credential assertion may call PublicKeyCredential.signalUnknownCredential() for that credential ID.

object
unknown_credential
boolean
key
additional properties
Example generated
{
"error": "example",
"error_description": "example",
"message": "example",
"webauthn_signal": {
"unknown_credential": true
}
}