{
  "name": "22 - Protect authorization server Pushed Authorization Request (PAR) endpoint",
  "baseURI": "https://&{tenantHostname}",
  "condition": "${find(request.uri.path, '^/am/oauth2/realms/root/realms/&{realm}/par')}",
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "type": "FapiParFilterChain",
          "config": {
            "apiClientService": "IdmApiClientService",
            "clientCertificate": "${pemCertificate(urlDecode(request.headers['ssl-client-cert'][0]))}",
            "forwardedHost": "&{asHostname}"
          }
        }
      ],
      "handler": "PlatformReverseProxyHandler"
    }
  }
}