This example extends the example Authorization code flow usage by replacing the first step with a pushed authorization request.
Step 1a - PAR request
Before the actual authorization code flow is started, the client uses the /par/ endpoint of the server to store the request parameters on the server.
curl --location 'https://oidc.airlock.com/auth-login/rest/oauth2/authorization-servers/myAS/par' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Authorization: ••••••' \
  --data-urlencode 'response_type=code' \
  --data-urlencode 'redirect_uri=https://oidc.airlock.com/application/demo' \
  --data-urlencode 'scope=openid employee' \
  --data-urlencode 'state=ee26b0dd4a...28a8ff' \
  --data-urlencode 'client_id=oidc-client'
Step 1a - PAR response
In response to the request, the authorization server provides the client with a request_uri that serves as an identifier for the request parameters.
{
  "request_uri": "urn:ietf:params:oauth:request_uri:RrHMXX...W2aWqu",
  "expires_in": 90
}
Step 1b - Authorize call
The authorization code flow is started by opening a browser window. The URL now only contains two parameters: client_id and the request_uri parameter provided in the PAR response:
https://oidc.airlock.com/auth-login/oauth2/v3/myAS/authorize?client_id=oidc-client&request_uri=urn%3Aietf%3Aparams%3Aoauth%3Arequest_uri%3ARrHMXX...W2aWqu
After this step, the authorization code flow continues normally as shown in the example Authorization code flow usage.
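The client-side handling between step 1a and step 1b can be sketched as follows. This is an added example, not part of the original documentation or of Airlock's code: it validates the PAR response, honours expires_in, and percent-encodes the request_uri for the authorize URL. The function names, the ParError class, the prefix check and the sample reference value are assumptions of this example.

```python
import json
import time
from urllib.parse import urlencode

# Authorize endpoint and request_uri prefix as they appear on this page.
AUTHORIZE_ENDPOINT = "https://oidc.airlock.com/auth-login/oauth2/v3/myAS/authorize"
REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"

# Constructed sample PAR response; the reference value is made up for this example.
SAMPLE_PAR_RESPONSE = (
    '{"request_uri": "urn:ietf:params:oauth:request_uri:EXAMPLE-ref-123",'
    ' "expires_in": 90}'
)


class ParError(ValueError):
    """Raised when a PAR response must not be used for the authorize call."""


def parse_par_response(body: str, received_at: float) -> dict:
    """Validate the step 1a response and compute when the request_uri expires."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ParError("PAR response is not a JSON object")
    request_uri = data.get("request_uri")
    expires_in = data.get("expires_in")
    # Assumption: this server always issues references with the prefix shown above.
    if not isinstance(request_uri, str) or not request_uri.startswith(REQUEST_URI_PREFIX):
        raise ParError("missing or unexpected request_uri")
    if len(request_uri) == len(REQUEST_URI_PREFIX):
        raise ParError("request_uri carries no reference value")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise ParError("missing or invalid expires_in")
    return {"request_uri": request_uri, "expires_at": received_at + expires_in}


def build_authorize_url(client_id: str, par: dict, now: float) -> str:
    """Build the step 1b URL with only client_id and request_uri, percent-encoded."""
    if now >= par["expires_at"]:
        raise ParError("request_uri expired; send a new PAR request")
    # urlencode escapes every ':' of the URN as %3A.
    query = urlencode({"client_id": client_id, "request_uri": par["request_uri"]})
    return f"{AUTHORIZE_ENDPOINT}?{query}"


if __name__ == "__main__":
    par = parse_par_response(SAMPLE_PAR_RESPONSE, received_at=time.time())
    print(build_authorize_url("oidc-client", par, now=time.time()))
```

With expires_in set to 90 as in the response above, the browser redirect has to happen within 90 seconds of the PAR response; after that the client repeats step 1a instead of reusing the old request_uri.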