# `AttestoPhoenix.Controller.PARController`
[🔗](https://github.com/XukuLLC/attesto_phoenix/blob/v0.19.0/lib/attesto_phoenix/controller/par_controller.ex#L1)

Pushed Authorization Request endpoint (RFC 9126).

The endpoint authenticates the client, stores the submitted authorization
request parameters behind a `request_uri`, and returns that reference to be
used at `/oauth/authorize`. The authorization endpoint still performs the
normal client/redirect/scope/PKCE validation when the reference is resolved.

This controller is a thin adapter: it parses the request off the `Plug.Conn`,
authenticates the client via `AttestoPhoenix.ClientAuthentication`
(RFC 6749 §2.3), lifts the DPoP facts into a `%PAR.Request{}` of plain data,
and calls `AttestoPhoenix.AuthorizationServer.PAR.store/2`. Every storage,
credential-stripping, and DPoP-binding decision lives in that conn-free core.
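
The store-and-resolve flow described above, as an added example that is not AttestoPhoenix code: the `PARSketch` module, its in-memory `Agent` store, the 60-second lifetime and the single-use policy are assumptions made for illustration, and DPoP binding is left out.

```elixir
defmodule PARSketch do
  # Constructed illustration of the RFC 9126 flow; hypothetical module, not the library's core.
  use Agent

  @prefix "urn:ietf:params:oauth:request_uri:"
  @ttl 60 # assumed lifetime in seconds
  # Credentials authenticate the push itself; they are not authorization parameters.
  @credentials ~w(client_secret client_assertion client_assertion_type)

  def start_link(_opts \\ []), do: Agent.start_link(fn -> %{} end, name: __MODULE__)

  # Call only after client authentication; `client_id` is the authenticated identity.
  def push(client_id, params, now \\ System.system_time(:second)) do
    if Map.has_key?(params, "request_uri") do
      # RFC 9126 §2.1: a pushed request must not itself carry request_uri.
      {:error, :invalid_request}
    else
      uri = @prefix <> Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
      entry = %{client_id: client_id, params: Map.drop(params, @credentials), exp: now + @ttl}
      Agent.update(__MODULE__, &Map.put(&1, uri, entry))
      {:ok, %{"request_uri" => uri, "expires_in" => @ttl}}
    end
  end

  # Used by the authorization endpoint, which still validates the returned parameters.
  # Assumed policy: any lookup consumes the reference, including a failed one.
  def resolve(client_id, uri, now \\ System.system_time(:second)) do
    case Agent.get_and_update(__MODULE__, &Map.pop(&1, uri)) do
      nil -> {:error, :unknown_or_used}
      %{client_id: ^client_id, exp: exp, params: params} when exp > now -> {:ok, params}
      _ -> {:error, :rejected}
    end
  end
end

# Constructed sample request; every value below is made up.
{:ok, _pid} = PARSketch.start_link()
pushed = %{"response_type" => "code", "redirect_uri" => "https://client.example/cb",
           "code_challenge_method" => "S256", "client_secret" => "constructed-secret"}

{:ok, %{"request_uri" => uri}} = PARSketch.push("client-1", pushed)
{:ok, params} = PARSketch.resolve("client-1", uri)
false = Map.has_key?(params, "client_secret")                   # credential never stored
{:error, :unknown_or_used} = PARSketch.resolve("client-1", uri) # replay of a used reference
{:ok, %{"request_uri" => other}} = PARSketch.push("client-1", pushed)
{:error, :rejected} = PARSketch.resolve("client-2", other)      # bound to the pushing client
{:error, :invalid_request} = PARSketch.push("client-1", %{"request_uri" => uri})
```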

# `create`

```elixir
@spec create(Plug.Conn.t(), map()) :: Plug.Conn.t()
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*
