late-tiger-78467
10/14/2021, 7:13 AMlate-tiger-78467
10/16/2021, 7:16 PMlate-tiger-78467
10/18/2021, 10:48 AMPARClient
interface with an Enforced() boolean
func? The change is small to check and fail a request on the authorize endpoint if PAR is enforced and the request doesn't contain the right request_uri. But it doesn't match the spec exactly.
This could also be implemented by consumers (like Hydra) by adding another authorize endpoint handler that performs any enforcement logic that it wants.