OPPushedAuthorization
Overview
Since OP version 4.2, the OAUTH2.PAR profile configuration bean enables support for OAuth2 Pushed Authorization Requests (PAR), a method for clients to push the payload of an OAuth 2.0 authorization request to AS/OP via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.
Configuration
The requestUriType option can be used for defining the type how the resulting request_uri values are produced. The default (empty) value refers to the use of opaque format: it encodes all the requested parameters inside the token which is encrypted via data sealer. The benefit is that no server-side state is needed, but very long request parameter values may cause its length to exceed 512 ASCII characters, which is not recommended by the specs. The value “ss” refers to the use of configurable storage service: then the value remain short but the same storage must be available for authorization endpoint (OIDC.SSO profile) when the request_uri is used.
Virtually all the configuration options below can be set via two different properties: a static property that explicitly sets the value to use and a lookup strategy or predicate property that takes a Function or Predicate and returns the value to use. The dynamic property is generally named "propertyNamePredicate" or "propertyNameLookupStrategy" for Boolean- and non-Boolean-valued properties respectively.