OIDC Discovery Flow Client
The Discovery Flow Client will automatically detect if the server supports PAR from the .well-known/openid-configuration document. If PAR is supported, the client will automatically use it.
If this is not the desired behavior, use the following instructions to disable PAR:
- Go to:
Loginapp >> OAuth 2.0/OIDC Clients >> OIDC Discovery 2.0 Flow Client - In section Authorization Request disable the Prefer Pushed Authorization Requests option.
- The discovery flow client will no longer use PAR.
For OPs that enforce PAR by setting the require_pushed_authorization_requests option to true in the discovery document, the above configuration is overridden, and PAR is used instead.