pushed_ authorization_ request_ endpoint
Registry Context
This metadata value is the authorization server's PAR endpoint URL. Clients use it to discover where to POST an authorization request and receive a request_uri value for use at the authorization endpoint.
Technical Summary
pushed_authorization_request_endpoint is an OAuth Authorization Server Metadata parameter whose value is the HTTPS URL of the pushed authorization request endpoint defined by RFC 9126.
When Used
Used by authorization servers that support OAuth 2.0 Pushed Authorization Requests to advertise their PAR endpoint in authorization server metadata.
Normative Requirements
Authorization servers
RFC 9126 - Section 2
accept its pushed authorization request endpoint URL as a value identifying it as an intended audience.
Condition: when JWT client assertion-based authentication is used
the authorization server MUST accept its issuer identifier, token endpoint URL, or pushed authorization request endpoint URL as values that identify it as an intended audience.
authorization servers supporting PAR
RFC 9126 - Section 2
include their pushed authorization request endpoint URL in authorization server metadata using the pushed_authorization_request_endpoint parameter.
Authorization servers supporting PAR SHOULD include the URL of their pushed authorization request endpoint in their authorization server metadata document.
PAR endpoint URL
RFC 9126 - Section 2
use the https scheme.
The PAR endpoint URL MUST use the "https" scheme.
Validation Guidance
If present, validate pushed_authorization_request_endpoint as a URL using the https scheme.
For an authorization server that supports PAR, warn if its authorization server metadata omits pushed_authorization_request_endpoint.
When testing JWT client assertion audience handling at the PAR endpoint, verify that the authorization server accepts its pushed_authorization_request_endpoint URL as an intended audience value.
Reference
Details
- Entry Id
pushed_authorization_ request_ endpoint - Metadata Name
pushed_authorization_ request_ endpoint - Metadata Description
URL of the authorization server's pushed authorization request endpoint- Change Controller
IESG- Reference
RFC9126 - Section 5