Description
Pushed Authorization Requests (RFC 9126) enhance security by having the client send authorization parameters directly to the server rather than through the browser.
Implemented
- ✅ PAR endpoint (/auth/oauth/par)
- ✅ Request URI generation
- ✅ Request URI consumption
- ✅ Request expiration
- ✅ PKCE forwarding
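
A sketch of how the implemented items above fit together, added here as an example and not taken from the project's code in packages/oauth/. `ParStore`, its method names, the in-memory `Map` and the 60-second lifetime are all assumptions.

```javascript
// Added example: in-memory PAR request store (hypothetical names, not the project's code).
const { randomBytes } = require("node:crypto");

const URI_PREFIX = "urn:ietf:params:oauth:request_uri:"; // form used in the RFC 9126 examples

class ParStore {
  constructor({ ttlSeconds = 60, now = () => Date.now() } = {}) {
    this.ttlMs = ttlSeconds * 1000;
    this.now = now;           // injectable clock so expiry can be tested
    this.pending = new Map(); // request_uri -> { clientId, params, expiresAt }
  }

  // Called by the PAR endpoint once the client has been authenticated.
  push(clientId, params) {
    if ("request_uri" in params) {
      // RFC 9126: request_uri must not be part of a pushed request.
      throw new Error("invalid_request: request_uri must not be pushed");
    }
    // 256 bits of randomness makes the reference unguessable.
    const requestUri = URI_PREFIX + randomBytes(32).toString("base64url");
    this.pending.set(requestUri, {
      clientId,
      params: { ...params }, // PKCE forwarding: code_challenge(_method) travel with the request
      expiresAt: this.now() + this.ttlMs,
    });
    return { request_uri: requestUri, expires_in: this.ttlMs / 1000 };
  }

  // Called by the authorization endpoint. The entry is deleted before any
  // check, so a request_uri is single-use even when validation fails.
  consume(clientId, requestUri) {
    const entry = this.pending.get(requestUri);
    this.pending.delete(requestUri);
    if (!entry) return null;                        // unknown or already consumed
    if (this.now() >= entry.expiresAt) return null; // expired
    if (entry.clientId !== clientId) return null;   // pushed by a different client
    return entry.params;
  }
}
```

The stored `clientId` check only ties a request_uri to the client that pushed it; the sender-constrained binding (DPoP, mTLS) listed under Remaining Work is not covered here.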
Remaining Work
- Request object support (RFC 9101)
- Request object signing/encryption
- Require PAR mode per client
- Request URI caching optimization
- Request binding (DPoP, mTLS)
Getting Started
- Review existing PAR implementation
- Add request object support
- Implement require-PAR client option
Files
- plans/oauth-pushed-authorization-requests.md
- packages/oauth/