PAR (RFC 9126)

RU: PAR (RFC 9126)

Pushed Authorization Request (RFC 9126): an OAuth 2.0 extension where the client sends the full authorization request parameters directly to the authorization server's PAR endpoint via an HTTPS POST before redirecting the user. The server returns a short-lived request_uri that the client uses in place of the parameters in the browser redirect, keeping sensitive parameters off the URL and ensuring their integrity.