Term · 28. International Regulations
OIDC PAR (Pushed Authorization Requests) PAR
Definition
OAuth 2.0 Pushed Authorization Requests — IETF RFC 9126. The client sends the authorization request parameters directly to the authorization server over a secure backchannel and receives a short-lived request URI in return. The user-agent then receives only the request URI, not the full request parameters. Mitigates parameter tampering and parameter leakage in browser history, and reduces URL length issues. Mandatory in FAPI 2.0.
- Synonyms
  - Pushed Authorization Requests
  - OAuth PAR
- Application
  - Regulatory: IETF RFC (e.g., 7519 JWT, 6749 OAuth 2.0)
- Standards & regulations
  - IETF
- Sources
  - OAuth 2.0 PAR — RFC 9126 primary source
Related terms
- DPoP (Demonstration of Proof of Possession) (DPoP)
  Demonstration of Proof-of-Possession — IETF RFC 9449, OAuth 2.0 mechanism binding an access token to a private key held …
- FAPI 2.0 (Financial-grade API) (FAPI 2.0)
  OpenID Foundation Financial-grade API Security Profile 2.0 — high-security authorization profile for financial APIs (ope …
- Kerberos
  Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
- mTLS (mutual TLS) (mTLS)
  Mutual TLS — both client and server authenticate each other via certificates during TLS handshake. RFC 8705 specifies OA …
- OAuth 2.1 (OAuth 2.1)
  IETF draft consolidating OAuth 2.0 (RFC 6749) with security best practices and deprecating insecure patterns: removes im …
- OpenID Connect (OIDC)
  Identity layer on top of OAuth 2.0 (OpenID Foundation, OIDC Core 1.0). Provides standardized authentication via JWT ID t …