Currently, library uses the PAR endpoint, during the authorization phase of authorization code flow, in case the authorization server used by the credential issuer advertises a PAR endpoint. Otherwise, library falls back to preparing an ordinary authorization request (front channel).
Ideally, there should be a policy (or configuration option) with regards in the usage of PAR endpoint
There are the following option:
Use PAR endpoint if it is being advertised, otherwise fallback to ordinary request.
Do not use PAR endpoint. Always place ordinary front channel requests.
Always use PAR and fail in case the authorization server doesn't provide a PAR endpoint
Currently, library uses the PAR endpoint, during the authorization phase of authorization code flow, in case the authorization server used by the credential issuer advertises a PAR endpoint. Otherwise, library falls back to preparing an ordinary authorization request (front channel).
Ideally, there should be a policy (or configuration option) with regards in the usage of PAR endpoint
There are the following option: