Pushed Authorization Requests (PAR)


Despite is still in Draft state (or a specification under development), Pushed Authorization Request is one the most impactful specification to OAuth2 framework security.
The security enhancement is brought by allowing the authorization request to be sent before the authorization request is done. Scenarios addressed using public clients can be enhanced such that public clients are not used.

How did we do with this article?