Technical Summary
This document defines the pushed authorization request endpoint,
which allows clients to push the payload of an OAuth 2.0
authorization request to the authorization server via a direct
request and provides them with a request URI that is used as
reference to the data in a subsequent call to the authorization
endpoint.
Working Group Summary
The document changes the way to interact with the authorization
request endpoint. The use of this work is envisioned within the
finance sector.
Document Quality
Based on feedback provided by participants of the OAuth working group
the following implementations of PAR are available:
Open source framework implementing PAR (with optional JWSREQ) in Golang:
https://github.com/zntrio/solid
Authlete supports PAR and has passed the PAR test cases in the OpenID
conformance suite. Documents mentioning Authlete's PAR support are here:
https://www.authlete.com/news/20210204_authlete_2_2/https://www.authlete.com/developers/relnotes/2.2/
The Node.js open source openid-client project:
https://github.com/panva/node-openid-client
Glewlwyd 2.5.2 supports PAR:
https://github.com/babelouest/glewlwyd
PAR is supported by the Connect2id server and the the open source OAuth 2.0 / OIDC SDK,
which has also been picked up by some downstream security frameworks and projects:
https://connect2id.com/blog/pushed-authorisation-request-in-oauth-sdk
The Yes Signing Flow is based on PAR and therefore implemented by our banks (> 1000).
A python client for the yes signing flow is publicly available that uses PAR:
https://github.com/yescom/pyyes
Authress supports PAR.
The Node.js open source oidc-provider project implements PAR behind a feature flag:
https://github.com/panva/node-oidc-provider
The open source project "Loginbuddy" implements PAR and the functionality is
documented here:
https://github.com/SaschaZeGerman/loginbuddy/wiki/Protocols-and-APIs
PingFederate has officially released PAR, see
https://docs.pingidentity.com/bundle/pingfederate-102/page/qem1584122852896.html
Finally, ForgeRock plans to implement PAR.
Personnel
Hannes Tschofenig is the document shepherd
Roman Danyliw is the the responsible area director