5. Authorization Server Metadata

The following authorization server metadata parameters [RFC8414] are introduced to signal the server's capability and policy with respect to PAR.

pushed_authorization_request_endpoint

: The URL of the pushed authorization request endpoint at which a client can post an authorization request to exchange for a request_uri value usable at the authorization server.

require_pushed_authorization_requests

: Boolean parameter indicating whether the authorization server accepts authorization request data only via PAR. If omitted, the default value is false.

Note that the presence of pushed_authorization_request_endpoint is sufficient for a client to determine that it may use the PAR flow. A request_uri value obtained from the PAR endpoint is usable at the authorization endpoint regardless of other authorization server metadata such as request_uri_parameter_supported or require_request_uri_registration [OIDC.Disco].

5. Authorization Server Metadata​

5. Authorization Server Metadata