Pushed Authorization Request is a standard in OAuth 2.0 and specified in RFC 9126 - OAuth 2.0 Pushed Authorization Requests.
The purpose of PAR is to allow a client to push authorization request parameters directly to the authorization server. This avoids exposing these parameters to the user agent (i.e. a browser on the end-users system) and reduces the potential attack surface.
- Authenticity and integrity of request parameters is ensured.
- Confidentiality of requests parameters is guaranteed.
- Potential problems with overlong request URLs are avoided.