1.1. Introductory Example

In conventional OAuth 2.0, a client typically initiates an authorization request by directing the user agent to make an HTTP request like the following to the authorization server's authorization endpoint (extra line breaks and indentation for display purposes only):

GET /authorize?response_type=code
&client_id=CLIENT1234&state=duk681S8n00GsJpe7n9boxdzen
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb HTTP/1.1
Host: as.example.com

Such a request can instead be pushed directly to the authorization server by the client with a POST request to the PAR endpoint, as illustrated in the following example (extra line breaks and spaces for display purposes only). Because the request is made directly to the authorization server, the client can authenticate (for example, with JWT-based client authentication, as shown), which the front-channel request above cannot do.

POST /as/par HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

response_type=code
&client_id=CLIENT1234&state=duk681S8n00GsJpe7n9boxdzen
&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
&client_assertion_type=
urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=eyJraWQiOiI0MiIsImFsZyI6IkVTMjU2In0.eyJpc3MiOiJDTE
lFTlQxMjM0Iiwic3ViIjoiQ0xJRU5UMTIzNCIsImF1ZCI6Imh0dHBzOi8vc2VydmVyL
mV4YW1wbGUuY29tIiwiZXhwIjoxNjI1ODY4ODc4fQ.Igw8QrpAWRNPDGoWGRmJumLBM
wbLjeIYwqWUu-ywgvvufl_0sQJftNs3bzjIrP0BV9rRG-3eI1Ksh0kQ1CwvzA

The authorization server responds with a request URI:

HTTP/1.1 201 Created
Cache-Control: no-cache, no-store
Content-Type: application/json

{
"request_uri": "urn:example:bwc4JK-ESC0w8acc191e-Y1LTC2",
"expires_in": 90
}

The client uses the request URI value to create the subsequent authorization request by directing the user agent to make an HTTP request like the following to the authorization server's authorization endpoint (extra line breaks and indentation for display purposes only):

GET /authorize?client_id=CLIENT1234
&request_uri=urn%3Aexample%3Abwc4JK-ESC0w8acc191e-Y1LTC2 HTTP/1.1
Host: as.example.com
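The three-message exchange above, as an added example that is not RFC 9126's own code and not taken from any implementation: the client pushes its authorization parameters to an in-memory PAR endpoint, the authorization server authenticates the client from the JWT assertion, stores the parameters under a freshly minted, single-use request_uri that expires after the advertised 90 seconds, and the client then sends the short authorization request carrying only client_id and request_uri. The assertion is signed with HS256 over a shared secret (the client_secret_jwt method) so the example runs on the Python standard library alone; the ES256 private_key_jwt assertion shown on the page would need a crypto library. The client secret, the expected audience https://as.example.com, the one-minute assertion lifetime and the helper names are assumptions of the example; the urn:ietf:params:oauth:request_uri: prefix is the form RFC 9126 prescribes for minted request URIs, whereas the page's example uses urn:example:.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode

AS_AUDIENCE = "https://as.example.com"   # assumed 'aud' the AS expects in client assertions
PAR_LIFETIME = 90                        # seconds; the expires_in value shown on the page
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
CLIENT_SECRETS = {"CLIENT1234": b"constructed-example-secret"}   # constructed client registry


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_client_assertion(client_id: str, secret: bytes, now: float) -> str:
    """Client side: RFC 7523 JWT assertion, signed HS256 (client_secret_jwt) in this example."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"iss": client_id, "sub": client_id, "aud": AS_AUDIENCE,
                                 "jti": secrets.token_urlsafe(16), "exp": int(now) + 60}).encode())
    mac = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(mac)}"


def verify_client_assertion(assertion: str, client_id: str, now: float) -> bool:
    """AS side: fixed algorithm, constant-time MAC check, then the iss/sub/aud/exp claims."""
    secret = CLIENT_SECRETS.get(client_id)
    try:
        h, c, s = assertion.split(".")
        header, claims, mac = json.loads(_unb64url(h)), json.loads(_unb64url(c)), _unb64url(s)
    except (ValueError, TypeError):
        return False
    if secret is None or not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":   # the AS decides the algorithm, never the token
        return False
    expected = hmac.new(secret, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return False
    exp = claims.get("exp")
    return (isinstance(exp, (int, float)) and exp > now and claims.get("iss") == client_id
            and claims.get("sub") == client_id and claims.get("aud") == AS_AUDIENCE)


class AuthorizationServer:
    """In-memory AS: a PAR endpoint plus an authorization endpoint that resolves request_uri."""

    def __init__(self):
        self._pushed = {}   # request_uri -> (client_id, expires_at, pushed parameters)

    def par_endpoint(self, body: str, now: float):
        form = {k: v[0] for k, v in parse_qs(body).items()}
        client_id = form.get("client_id", "")
        if (form.get("client_assertion_type") != JWT_BEARER
                or not verify_client_assertion(form.get("client_assertion", ""), client_id, now)):
            return 401, {"error": "invalid_client"}
        if "request_uri" in form:   # a pushed request must not itself carry a request_uri
            return 400, {"error": "invalid_request"}
        params = {k: v for k, v in form.items() if not k.startswith("client_assertion")}
        # Prefix RFC 9126 prescribes for minted values; the page's example uses urn:example: instead.
        request_uri = "urn:ietf:params:oauth:request_uri:" + secrets.token_urlsafe(24)
        self._pushed[request_uri] = (client_id, now + PAR_LIFETIME, params)
        return 201, {"request_uri": request_uri, "expires_in": PAR_LIFETIME}

    def authorization_endpoint(self, query: str, now: float):
        q = {k: v[0] for k, v in parse_qs(query).items()}
        entry = self._pushed.pop(q.get("request_uri", ""), None)   # single use: removed on lookup
        if entry is None:
            return 400, {"error": "invalid_request"}
        client_id, expires_at, params = entry
        if now >= expires_at or q.get("client_id") != client_id:
            return 400, {"error": "invalid_request"}
        return 200, params   # the AS continues the authorization with these parameters


def run_par_flow(now: float = 1_625_868_000):
    """Drive the three messages shown on the page through the in-memory server."""
    server = AuthorizationServer()
    body = urlencode({"response_type": "code", "client_id": "CLIENT1234",
                      "state": "duk681S8n00GsJpe7n9boxdzen",
                      "redirect_uri": "https://client.example.org/cb",
                      "client_assertion_type": JWT_BEARER,
                      "client_assertion": make_client_assertion(
                          "CLIENT1234", CLIENT_SECRETS["CLIENT1234"], now)})
    status, reply = server.par_endpoint(body, now)
    if status != 201:
        return status, reply, None
    # The request through the user agent now carries only client_id and request_uri.
    query = urlencode({"client_id": "CLIENT1234", "request_uri": reply["request_uri"]})
    return status, reply, server.authorization_endpoint(query, now + 5)
```

The server side keeps the checks a PAR deployment needs even though the page's three messages do not spell them out: the assertion algorithm is fixed by the server rather than read from the token, the request_uri is minted from a CSPRNG, expires with the advertised expires_in, is consumed on first use, and is only accepted from the client_id it was issued to. Swapping HS256 for the page's ES256 means replacing the two hmac calls with ECDSA sign and verify from a crypto library; nothing else in the flow changes.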