Use Push Authorization Requests (PAR) and -Secured Authorization Requests (JAR) together to provide a higher security level in the . Whereas PAR provides clients with confidentiality and integrity protection for authorization requests, JAR provides non-repudiation protection.

How to use PAR and JAR together

To use PAR and JAR together, generate the JAR request and, instead of calling the /authorize endpoint, post the request to the PAR endpoint. Then, the PAR endpoint returns a request_uri that you can use to call the /authorize endpoint as in a regular PAR flow. The following cURL request uses PAR and JAR together: 
curl --location 'https://your_tenant.auth0.com/oauth/par' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=[YOUR CLIENT ID]' \
--data-urlencode 'client_secret=[YOUR CLIENT SECRET]' \
--data-urlencode 'request=[JWT]'

Learn more