Pushed Authorization Requests (PAR)
POST https://auth.uber.com/oauth/v2/par
¶ Pushed Authorization Request: OAuth 2.0 PAR Endpoint
The POST /par endpoint allows you to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request. It returns a request URI that is used as a reference to that data in a subsequent call to the authorization endpoint.
¶ Resource
POST https://auth.uber.com/oauth/v2/par
¶ Authorization
None
¶ POST Parameters
Parameter | Type | Description |
---|---|---|
client_id (required) | string | The Client ID of your application. |
response_type (required) | string | The response type expected from the authorization server. Your application can use either code or id_token as the value. |
redirect_uri | string | The URI we will redirect back to after an authorization by the resource owner. The base of the URI must match the redirect_uri used during the registration of your application. If none is provided, the default is the first redirect URI provided in the application’s dashboard. It is invalid to provide no redirect URI and have none in the dashboard. |
login_hint | string | The JSON-marshalled and base64-encoded string of a JSON object with user information including first_name, last_name, email and phone. This information will be used to pre-populate the login/signup page in the subsequent authorize call. |
scope | string | Space-delimited list of grant scopes you would like to have permission to access on behalf of the user. If none are provided, the default is the set selected in your application’s dashboard. It is invalid to provide no scopes and have none selected in the dashboard. |
¶ Example Request without login_hint
You can send all the parameters intended for the /authorize endpoint in the post request to the /par endpoint. When you include the corresponding request_uri in the subsequent request to the authorize endpoint, you can skip adding all these parameters in that request.
curl -d "client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&response_type=code&scope=openid profile" -H "Content-Type: application/x-www-form-urlencoded" -X POST https://auth.uber.com/oauth/v2/par
¶ Response
Status-Code: 201 Created
{
"request_uri":"urn:ietf:params:oauth:request_uri:xxxx",
"expires_in":900
}
¶ Example Request with login_hint
Login Hint includes some information of the user’s identity profile like name, email and phone number. This information will be used to prefill the signup/login page for the user in the subsequent call to the authorize endpoint.
LoginHint is a JSON object with the fields: email, phone, first_name and last_name. The LoginHint JSON needs to be base64-encoded before adding it to the login_hint parameter in the PAR request.
For example:
printf '%s' '{"email":"abc@xyz.com","phone":"9876543210","first_name":"OneName","last_name":"TwoName"}' | base64
eyJlbWFpbCI6ImFiY0B4eXouY29tIiwicGhvbmUiOiI5ODc2NTQzMjEwIiwiZmlyc3RfbmFtZSI6Ik9uZU5hbWUiLCJsYXN0X25hbWUiOiJUd29OYW1lIn0=
Here is a sample par request with login_hint:
curl -d "client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&response_type=code&login_hint=eyJlbWFpbCI6ImFiY0B4eXouY29tIiwicGhvbmUiOiI5ODc2NTQzMjEwIiwiZmlyc3RfbmFtZSI6Ik9uZU5hbWUiLCJsYXN0X25hbWUiOiJUd29OYW1lIn0=" -H "Content-Type: application/x-www-form-urlencoded" -X POST https://auth.uber.com/oauth/v2/par
¶ Response
Status-Code: 201 Created
{
"request_uri":"urn:ietf:params:oauth:request_uri:xxxx",
"expires_in":900
}
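The request and response handling described above, as an added Python example (not Uber's own code): it builds the login_hint without a trailing newline, form-encodes the PAR body so the base64 `=` padding and the space in the scope list survive transport, and checks the response before the request_uri is used. The helper names are hypothetical, the sample values are constructed, and the check on the `urn:` prefix is an assumption based on the sample responses.

```python
import base64
import json
from urllib.parse import urlencode

URN_PREFIX = "urn:ietf:params:oauth:request_uri:"  # prefix shown in the sample responses
HINT_FIELDS = {"email", "phone", "first_name", "last_name"}

def encode_login_hint(profile):
    """JSON-marshal and base64-encode a LoginHint object, with no trailing newline."""
    unknown = set(profile) - HINT_FIELDS
    if unknown:
        raise ValueError(f"unexpected LoginHint fields: {sorted(unknown)}")
    raw = json.dumps(profile, separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def build_par_body(client_id, response_type="code", **optional):
    """Return the application/x-www-form-urlencoded body for POST /par."""
    if not client_id:
        raise ValueError("client_id is required")
    if response_type not in ("code", "id_token"):
        raise ValueError("response_type must be code or id_token")
    params = {"client_id": client_id, "response_type": response_type}
    for name in ("redirect_uri", "scope", "login_hint"):
        if optional.get(name):
            params[name] = optional[name]
    # urlencode percent-encodes the '=' padding and the space in the scope list
    return urlencode(params)

def parse_par_response(status, body, now):
    """Check a PAR response and return (request_uri, absolute expiry time)."""
    data = json.loads(body)
    if status != 201:
        raise RuntimeError(f"{data.get('error')}: {data.get('error_description')}")
    uri, ttl = data["request_uri"], int(data["expires_in"])
    if not uri.startswith(URN_PREFIX) or ttl <= 0:
        raise ValueError("unexpected request_uri or expires_in")
    return uri, now + ttl

if __name__ == "__main__":
    # Constructed sample values; CLIENT_ID and the redirect URI are placeholders.
    hint = encode_login_hint({"email": "abc@xyz.com", "phone": "9876543210",
                              "first_name": "OneName", "last_name": "TwoName"})
    print(build_par_body("CLIENT_ID", redirect_uri="https://example.com/cb",
                         scope="openid profile", login_hint=hint))
    sample = '{"request_uri":"urn:ietf:params:oauth:request_uri:xxxx","expires_in":900}'
    print(parse_par_response(201, sample, now=0))
```

Because login_hint carries the user's email and phone number, sending it in the PAR body keeps those values out of the browser-visible authorize URL.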
¶ Error Responses
Here are common error responses and the possible reason for each response.
Status Code: 401 Unauthorized
{
"error": "invalid_client",
"error_description": "there was an unexpected error; please verify your client has been created and setup properly"
}
You are using an invalid client_id.
Status Code: 400 Bad Request
{
"error": "invalid_request",
"error_description": "response_type: response type cannot be empty;client_id: client ID cannot be empty;"
}
- You did not provide client_id and response_type in the request.
- You did not provide the request parameters in the message body using the application/x-www-form-urlencoded format. You may have used some other format.
Status Code: 400 Bad Request
{
"error": "invalid_scope",
"error_description": "requested scopes are not valid"
}
You used some invalid scopes in the request.