Autional Autional
API Reference GitHub autional.com →

POST /oauth/pushed-authorization

OAuth 2.0 Pushed Authorization Request endpoint (PAR). Client pushes authorization parameters to authorization server in advance, obtains request_uri to use in authorization request. Returns flat JSON (no code/message envelope). Reference: RFC 9126 (Pushed Authorization Requests).

OAuth None application/json

Request Body

Schema: dto.PushedAuthorizationRequest

FieldTypeRequiredExampleConstraintsDescription
client_id string Yes app-123 Client ID
redirect_uri string Yes https://app.example.com/callback Redirect URI
response_type string Yes code Response type
scope string Yes openid profile Scope
authorization_details array of

See dto.AuthorizationDetailDTO

No RAR authorization details
client_secret string No secret_abc123 Client secret
code_challenge string No E9Melhoa2Ow... Code challenge
code_challenge_method string No S256 Challenge method
nonce string No nonce-123 Nonce
resources array of

string

No Resource
state string No state-123 State

Responses

StatusDescriptionSchema
201PAR response (includes request_uri and expires_in)dto.PushedAuthorizationResponse
400invalid_request: request parameters missing or invalid. Reference: RFC 9126.dto.OAuthErrorResponse
401invalid_client: client authentication failed. Reference: RFC 9126.dto.OAuthErrorResponse
500server_error: failed to store authorization request. Reference: RFC 9126.dto.OAuthErrorResponse

Referenced Schemas

dto.AuthorizationDetailDTO

FieldTypeRequiredExampleConstraintsDescription
actions array of

string

No ['["list_accounts"', '"read_balances"]'] Operation
constraints object No Extension constraints
data_types array of

string

No ['["account_details"', '"balances"]'] Data type
identifier string No account-12345 Identifier
locations array of

string

No ['["https://example.com/accounts"]'] Location
type string No account_information Grant type

dto.OAuthErrorResponse

OAuth standard error response

FieldTypeRequiredExampleConstraintsDescription
error string No invalid_request Error code
error_description string No Missing required parameter Error description
error_uri string No https://docs.example.com/errors Error URI
state string No state-123 Status

dto.PushedAuthorizationResponse

PAR response

FieldTypeRequiredExampleConstraintsDescription
expires_in integer No 90 Expires in seconds
request_uri string No urn:example:request_uri:xxx Request URI