What Are OAuth Pushed Authorization Requests (PAR)?

akshayaote7 · March 10, 2025, 11:00am

Hi Robertino,

I have a question if you can guide me for the solution:

I have three applications:

Our own SSO that supports Authorization Code + PKCE
A Client UI App
A Client API App

The Client UI App authenticates through our SSO and interacts with the Client API App’s endpoints.

Now, if I want to implement Pushed Authorization Requests (PAR), where should I place the initial request to obtain the request_uri within this Client UI and API structure?

Since the PAR request to obtain the request_uri must be a back-channel request, where should it be initiated?

Topic		Replies	Views
Invoking /authorize PKCE endpoint from server Get Help	3	3981	August 27, 2019
A Practical Guide to leverage OAuth2 Authorization Flows Get Help pkce , oauth2	3	3838	January 30, 2020
Can I authenticate a client using OAuth2 without redirect_uri? Get Help	5	20217	July 25, 2019
Authorization Flow native app -> Web Service Get Help	2	3247	December 17, 2018
Auth0 Secure Api for logged users Get Help api-authorization	3	3640	March 2, 2018

What Are OAuth Pushed Authorization Requests (PAR)?

Related topics