PAR configuration for OAuth 2.0 and OIDC authorization servers
See PAR - Pushed Authorization Request on the AS/OP for more details about the PAR feature.
The configuration of PAR requires the following tasks to be completed:
- Database migration
- Server configuration
- Clean-up job
Server Configuration
- Go to: Loginapp >> OAuth 2.0/OIDC Authorization Servers >> OAuth 2.0 Grants/OIDC Flows >> OIDC Authorization Code/Hybrid Flow
- In section Authorization Code, in property Pushed Authorization Requests, create and edit an OAuth 2.0 Pushed Authorization Requests plugin
- In property OAuth 2.0 PAR Repository create and edit an OAuth 2.0 Pushed Authorization Request (PAR) Repository plugin
- In property SQL Data Source select an existing database connection plugin
- Optionally, in property Require PAR, select the checkbox to enforce PAR for all clients. If deselected, each client decides whether to use PAR.
PAR clean-up job
- Go to: Service Container >> Task Scheduler Config >> Service
- In property Tasks, create or edit the existing Task Schedule for the OAuth 2.0 Clean-up Task plugin.
- In property Cleanup Pushed Authorization Requests select the checkbox to enable this feature.
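How the repository, the Require PAR option and the clean-up task interact, shown as an added Python model that is not the product's own code. It assumes an in-memory SQLite database in place of the SQL data source; the table `par`, the function names and the 60-second lifetime are hypothetical, and the one-time use and client binding of `request_uri` follow RFC 9126.

```python
import secrets
import sqlite3

def open_repo():
    # Hypothetical schema; the product's real PAR tables are not shown on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE par (request_uri TEXT PRIMARY KEY, client_id TEXT,"
               " params TEXT, expires_at INTEGER)")
    return db

def push(db, client_id, params, now, ttl=60):
    """PAR endpoint: store the authenticated client's request, return its handle."""
    uri = "urn:ietf:params:oauth:request_uri:" + secrets.token_urlsafe(32)
    db.execute("INSERT INTO par VALUES (?, ?, ?, ?)", (uri, client_id, params, now + ttl))
    return uri

def authorize(db, query, now, require_par):
    """Authorization endpoint: resolve request_uri or apply the Require PAR policy."""
    uri = query.get("request_uri")
    if uri is None:
        # Without enforcement the client decides; with it, plain requests are refused.
        return "rejected: PAR required" if require_par else "accepted: plain request"
    # The handle is only valid for the client that pushed it.
    row = db.execute("SELECT params, expires_at FROM par"
                     " WHERE request_uri = ? AND client_id = ?",
                     (uri, query.get("client_id"))).fetchone()
    if row is None:
        return "rejected: unknown request_uri"
    db.execute("DELETE FROM par WHERE request_uri = ?", (uri,))  # one-time use
    if row[1] <= now:
        return "rejected: expired request_uri"
    return "accepted: " + row[0]

def cleanup(db, now):
    """Clean-up task: delete expired entries that were never redeemed."""
    return db.execute("DELETE FROM par WHERE expires_at <= ?", (now,)).rowcount

if __name__ == "__main__":
    repo = open_repo()
    # Constructed sample values: client id, parameters and timestamps are made up.
    handle = push(repo, "client-a", "scope=openid&response_type=code", now=1000)
    print(authorize(repo, {"client_id": "client-a"}, 1010, require_par=True))
    print(authorize(repo, {"client_id": "client-a", "request_uri": handle}, 1010, True))
    print(authorize(repo, {"client_id": "client-a", "request_uri": handle}, 1011, True))
    push(repo, "client-a", "scope=openid", now=1000)  # pushed but never redeemed
    print("expired rows removed:", cleanup(repo, now=2000))
```

Entries that are pushed but never redeemed stay in the table until they are deleted, which is why the clean-up task is part of the configuration.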
Further information and links
- General information about PAR - Pushed Authorization Request on the AS/OP.
- To migrate the database schema from IAM 8.2 or older, use the migration scripts provided in Relational databases for IAM.