PAR configuration for OAuth 2.0 and OIDC Clients

OIDC Discovery Flow Client

The Discovery Flow Client will automatically detect if the server supports PAR from the .well-known/openid-configuration document. If PAR is supported, the client will automatically use it.

If this is not the desired behavior, use the following instructions to disable PAR:

  1. Go to:
    Loginapp >> OAuth 2.0/OIDC Clients >> OIDC Discovery 2.0 Flow Client
  2. In section Authorization Request disable the Prefer Pushed Authorization Requests option.
  3. The discovery flow client will no longer use PAR.

For OPs that enforce PAR by setting the require_pushed_authorization_requests option to true in the discovery document, the above configuration is overridden, and PAR is used instead.

OAuth 2.0 Flow Client

In the OAuth 2.0 Flow Client, PAR must be configured manually as follows:

  1. Go to:
    Loginapp >> OAuth 2.0/OIDC Clients >> OAuth 2.0 Flow Client
  2. In section Authorization Request configure the parameter Pushed Authorization Request Endpoint URL.
  3. The OAuth 2.0 flow client will use PAR with the configured endpoint.