require_pushed_authorization_requests
Registry Context
This client metadata indicates whether a particular client is required to use PAR to initiate authorization requests. If omitted, the value defaults to false.
Technical Summary
A Boolean OAuth client metadata parameter defined by RFC 9126 Section 6. A true value means PAR is the only allowed means for that client to initiate an authorization request; omission means false.
When Used
Used in client configuration or dynamic client registration to express a per-client policy requiring pushed authorization requests.
Normative Requirements
authorization server policy
RFC 9126 - Section 4
dictate, globally or on a per-client basis, that PAR is the only means for a client to pass authorization request data.
Authorization server policy MAY dictate, either globally or on a per-client basis, that PAR be the only means for a client to pass authorization request data.
authorization servers and clients
RFC 9126 - Section 4
use the metadata defined in Sections 5 and 6 to signal the desired PAR behavior.
Authorization server and clients MAY use metadata as defined in Sections 5 and 6 to signal the desired behavior.
Validation Guidance
Verify that the client metadata value is Boolean and treat an omitted value as false.
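The following is an added example, not code from RFC 9126 or from this registry. It sketches how an authorization server might apply the validation guidance above together with the Section 4 policy rule. The function names, the server_requires_par setting and the came_via_par flag are assumptions made for illustration, and the registration documents are constructed samples.

```python
import json

PARAM = "require_pushed_authorization_requests"

class MetadataError(ValueError):
    """Client metadata carries a malformed value."""

def client_requires_par(metadata: dict) -> bool:
    """Per-client flag: omitted means False, anything but a JSON Boolean is rejected."""
    if PARAM not in metadata:
        return False
    value = metadata[PARAM]
    # bool only: "true", 1 and null (None) are not accepted as Booleans.
    # Rejecting an explicit null is this example's choice.
    if not isinstance(value, bool):
        raise MetadataError(f"{PARAM} must be Boolean, got {type(value).__name__}")
    return value

def par_is_mandatory(metadata: dict, server_requires_par: bool = False) -> bool:
    """Policy may be global or per client; either one makes PAR the only route."""
    per_client = client_requires_par(metadata)  # validate even under a global policy
    return server_requires_par or per_client

def accept_authorization_request(metadata: dict, came_via_par: bool,
                                 server_requires_par: bool = False) -> bool:
    """came_via_par (assumed input): the server matched this request to one
    it stored at its PAR endpoint."""
    mandatory = par_is_mandatory(metadata, server_requires_par)
    return came_via_par or not mandatory

# Constructed registration documents, not taken from any real deployment.
SAMPLES = {
    "omitted": '{"client_name": "a"}',
    "required": '{"client_name": "b", "require_pushed_authorization_requests": true}',
    "string": '{"client_name": "c", "require_pushed_authorization_requests": "true"}',
}

def evaluate(name: str, came_via_par: bool) -> str:
    """Return the decision for one constructed sample."""
    try:
        ok = accept_authorization_request(json.loads(SAMPLES[name]), came_via_par)
    except MetadataError:
        return "invalid_metadata"
    return "accept" if ok else "reject"

if __name__ == "__main__":
    for name in SAMPLES:
        for via_par in (False, True):
            print(name, via_par, evaluate(name, via_par))
```

The string "true" is rejected at validation time rather than coerced, so a mistyped registration cannot silently change the PAR requirement for a client.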
Reference
Details
- Entry Id: require_pushed_authorization_requests
- Client Metadata Name: require_pushed_authorization_requests
- Client Metadata Description: Indicates whether the client is required to use PAR to initiate authorization requests.
- Change Controller: IESG
- Reference: RFC9126 - Section 6