Draft: OAuth 2.0 Pushed Authorization Requests


The Pushed Authorization Requsts extension describes a technique of initiating an OAuth flow from the backchannel instead of by building a URL, providing better security and more flexibility for building complex authorization requests.

This draft is still in progress, and is open to feedback from people who are interested in using it!

More resources