Support Pushed Authorization Request

### Preflight Checklist

- [x] I agree to follow the [Code of Conduct](https://github.com/dexidp/dex/blob/master/.github/CODE_OF_CONDUCT.md) that this project adheres to.
- [x] I have searched the [issue tracker](https://www.github.com/dexidp/dex/issues) for an issue that matches the one I want to file, without success.

### Problem Description

It is not secure enough to send auth params via GET params, because it persists in the browser and can be easily compromised and forged. Also, GET params can become large.

### Proposed Solution

Implement PAR in Dex. A simple workflow is:
1. Accept post requests on `/auth` endpoint
2. Create an AuthRequest
3. Return the redirect URL with the auth request ID as a state
4. On redirect, check whether the state exists. If so, proceed.

Protect the state with HMAC.


### Alternatives Considered

_No response_

### Additional Information

https://datatracker.ietf.org/doc/html/rfc9126

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support Pushed Authorization Request #4755

Preflight Checklist

Problem Description

Proposed Solution

Alternatives Considered

Additional Information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support Pushed Authorization Request #4755

Description

Preflight Checklist

Problem Description

Proposed Solution

Alternatives Considered

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions