Pushed Authorization Requests (PAR)¶
OAuth 2.0 Pushed Authorization Requests (RFC 9126) for enhanced authorization security.
Request Model¶
PushedAuthorizationRequest(address, client_id, redirect_uri, scope='openid', response_type='code', state=None, nonce=None, code_challenge=None, code_challenge_method=None, client_secret=None)
dataclass
¶
Bases: BaseRequest
Request for OAuth 2.0 Pushed Authorization Request (RFC 9126).
Pushes authorization parameters to the PAR endpoint and receives
a request_uri for use in the authorization URL.
Attributes:
| Name | Type | Description |
|---|---|---|
address |
str
|
The pushed authorization request endpoint URL. |
client_id |
str
|
The client identifier. |
redirect_uri |
str
|
The registered redirect URI. |
scope |
str
|
Space-delimited scopes (default |
response_type |
str
|
OAuth 2.0 response type (default |
state |
str | None
|
CSRF protection value. |
nonce |
str | None
|
OpenID Connect nonce. |
code_challenge |
str | None
|
PKCE code challenge. |
code_challenge_method |
str | None
|
PKCE method ( |
client_secret |
str | None
|
Client secret (optional for public clients). |
Response Model¶
PushedAuthorizationResponse(is_successful, error=None, request_uri=None, expires_in=None)
dataclass
¶
Bases: BaseResponse
Response from a pushed authorization request endpoint (RFC 9126).
Check is_successful before accessing request_uri.
Use request_uri in the authorization URL instead of inline parameters.
Functions¶
push_authorization_request(request, http_client=None)
¶
Push authorization parameters to the PAR endpoint (RFC 9126).
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
request
|
PushedAuthorizationRequest
|
PAR request with authorization parameters. |
required |
http_client
|
HTTPClient | None
|
Optional managed HTTP client. |
None
|
Returns:
| Type | Description |
|---|---|
PushedAuthorizationResponse
|
PushedAuthorizationResponse with |