# `AttestoPhoenix.AuthorizationServer.PAR.Request`
[🔗](https://github.com/XukuLLC/attesto_phoenix/blob/v0.19.0/lib/attesto_phoenix/authorization_server/par/request.ex#L1)

A parsed Pushed Authorization Request (RFC 9126), all plain data lifted at
the controller edge.

`AttestoPhoenix.Controller.PARController` authenticates the client
(RFC 6749 §2.3), parses the request body and the relevant `Plug.Conn` facts,
and builds this struct so that `AttestoPhoenix.AuthorizationServer.PAR` can
store the request against data only - never a conn.

## Fields

  * `:client` - the authenticated client (RFC 6749 §2.3), opaque to the core.
    The stored record's `client_id` is resolved from it through the host's
    `:client_id` callback, never trusted from the request body.
  * `:params` - the submitted authorization request parameters (RFC 9126 §2.1
    / RFC 6749 §4.1.1). Client-authentication credentials are stripped before
    storage; everything else is kept opaque for the authorization endpoint to
    validate when the `request_uri` is later resolved.
  * `:dpop_input` - the conn-free DPoP facts the controller lifts off the
    request: the presented `DPoP` request-header value(s) (RFC 9449 §4.1), and
    the canonical request URL/method the proof is bound to (RFC 9449 §4.2 /
    §4.3). See `t:AttestoPhoenix.AuthorizationServer.PAR.dpop_input/0`.

# `t`

```elixir
@type t() :: %AttestoPhoenix.AuthorizationServer.PAR.Request{
  client: term(),
  dpop_input: AttestoPhoenix.AuthorizationServer.PAR.dpop_input(),
  params: map()
}
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*