To use Highly Regulated Identity features, you must have an Enterprise Plan with the Highly Regulated Identity add-on. Refer to Auth0 Pricing for details.
The Auth0 Push Authorization Request (PAR) implementation is based on the OAuth RFC9126: Push Authorization Request specification. For more information, see Authorization Code Flow with Pushed Authorization Requests. By default, PAR is not enabled by your tenant. You can enable it in the under your tenant settings. To learn more, read Enable PAR for a tenant. After enabling PAR for your tenant, you can send authorization requests to both the /oauth/par and the /authorize endpoints. However, to fully secure your , set PAR as required for an application via the Management API or Application Settings on the Auth0 Dashboard.

Enable PAR for a tenant

To enable PAR for a tenant, use the Auth0 Dashboard.
  1. Navigate to Auth0 Dashboard > Settings > Advanced.
  2. Scroll down to Settings and toggle on Allow Pushed Authorization Requests (PAR).

Require PAR for an application

Your tenant must have Allow Pushed Authorization Requests (PAR) enabled at the tenant-level before enabling PAR at the application-level.
  1. Navigate to Auth0 Dashboard > Applications.
  2. Select the application.
  3. Select the Application Settings tab.
  4. In the Authorization Requests section, enable the toggle Require Pushed Authorization Requests (PAR).

Learn more