Pushed Authorization Request (PAR) Endpoint

Suggest Edits

If the Interac Hub Subject Matching service is enabled, or the partner specifically requests that the PAR flow is enabled, then the initial HTTP GET authorization_request call will be replaced by an HTTP POST request to the Interac Hub's pushed_authorization_request_endpoint endpoint.

POST /auth/par HTTP/1.1
Host: hub_server.example.com
Content-Type: application/x-www-form-urlencoded
request=val1&response_type=val2&client_id=val3&scope=val4&state=val5&redirect_uri=val6

Refer to the Authorization Endpoint section for full details on the request parameters to be used in the HTTP POST request body, including the signed request object.

Referenced Standard(s): RFC 9126: OAuth 2.0 Pushed Authorization Requests

Example Request / Response

curl -X 'POST' \
'https://gateway-devportal2.pp.vids.dev/auth/par' \
-H 'accept: application/json' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'request=eyJhbGciOiJSUzI1NiIsImtpZCI6ImNJbERlUjhENFJleHJabVVkS2hCeE1zRDJiTVg0bDg3XzVKckFSaDRWSVUifQ.eyJhdWQiOiJodHRwczovL2dhdGV3YXktZGV2cG9ydGFsMi5wcC52aWRzLmRldi8iLCJjbGllbnRfaWQiOiJodWItaW50LXRlYW0iLCJjb2RlX2NoYWxsZW5nZSI6ImF1TEtIVTNpWVlBcHlDeDdXUVU5Q195RVdWeXM1cTJEMUozQjZwaFYxTXMiLCJjb2RlX2NoYWxsZW5nZV9tZXRob2QiOiJTMjU2IiwiaXNzIjoiaHViLWludC10ZWFtIiwibm9uY2UiOiJhYmRkNWVlZDg5ODM0YjYyYWVlMmRlN2E2ZWQ0ZDkyZSIsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9sb2dpblJlc3BvbnNlIiwicmVzcG9uc2VfdHlwZSI6ImNvZGUiLCJzY29wZSI6Im9wZW5pZCBvbmx5Vm1lIiwic3RhdGUiOiI1ZGU3ODk4ODFjYzk0NGE3OGU5YzFjOWQ5NDdmNzg2NyIsInVpX2xvY2FsZSI6ImVuLUNBIn0.rBmjM6KEYsoBCoR2Wk3XnAP57AVqVo-gG4BdQp1wVZs4GiD77Oo9JTYvOZXyk1qmdttxkMUUo8Uj5ibAmsV0kY4-56mdAOuLryBYVRpwmVAWIgJ7I49LItNDnRbOhSyJkUsXUUFu85am27r83XoTjm5xIHYzfFCsNoBVD0oDsuFDZX8ri6UY7vK3Y9feIBqPYXERmuBsDohwogyZbXEUe0AbHFmdcYyYVcLY5q1mSF_0VBqZIsRiC73sipohhGkWy0No-oArTshKZ5C_BWxpCoTxCiS8xvz6wffmyJBqKbOjPYKmRD59BZ6yRysXzbShsFaezw_MwsRaMWfFMnrT3A&response_type=code&client_id=hub-int-team-sub&scope=openid+onlyVme_sub&state=49fdeb3da4964a589a563cad5c5e2893&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2FloginResponse'

{
    "request_uri": "urn:avast:hub:0584f83b-2995-4bc5-9c76-b43ebd4257f1",
    "expires_in": 120,
    "user_href": "https://gateway-devportal2.pp.vids.dev/auth/par?request_uri=urn%3Aavast%3Ahub%3A0584f83b-2995-4bc5-9c76-b43ebd4257f1"
}

The user must be redirected to the user_href URL. The Interac Hub will show the landing page for the users to follow ID verification instructions.

Updated 8 months ago