From 9e8c013799cadabb01587e7c245b2385e2e9444e Mon Sep 17 00:00:00 2001 From: Elar Lang Date: Sat, 12 Oct 2024 18:12:50 +0300 Subject: [PATCH] #1968 - max lifetime for refresh tokens --- 5.0/en/0x51-V51-OAuth2.md | 1 + 1 file changed, 1 insertion(+) diff --git a/5.0/en/0x51-V51-OAuth2.md b/5.0/en/0x51-V51-OAuth2.md index d66eb0af30..a800d9c5da 100644 --- a/5.0/en/0x51-V51-OAuth2.md +++ b/5.0/en/0x51-V51-OAuth2.md @@ -27,6 +27,7 @@ There are various different personas in the OAuth process, described in more det | **51.2.10** | [ADDED] Verify that the client is confidential and the authorization server requires the use of strong client authentication methods (based on public-key cryptography and resistant to replay attacks), i. e. 'mTLS' or 'private-key-jwt'. | | | ✓ | | **51.2.11** | [ADDED] Verify that the authorization server issues only sender-constrained (Proof-of-Posession) access tokens, either using mTLS certificate binding or Demonstration of Proof of Possession (DPoP). | | | ✓ | | **51.2.12** | [ADDED] Verify that for a given client, the authorization server only allows the 'response_mode' value that this client needs to use. | ✓ | ✓ | ✓ | +| **51.2.13** | [ADDED] Verify that refresh tokens have an absolute expiration, including if sliding refresh token expiration is applied. | ✓ | ✓ | ✓ | ## V51.3 OAuth Client
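Review bot: The new 51.2.13 row does not say what the absolute expiration is measured from, and "including if sliding refresh token expiration is applied" can be read as only covering the sliding case rather than ruling out any mechanism that extends the lifetime; consider wording it as something like "Verify that refresh tokens have an absolute maximum lifetime, counted from the initial authorization, that cannot be extended by sliding expiration or refresh token rotation." so that rotation-issued replacement tokens are clearly bound by the same limit. As a minor style point on the surrounding context, the 51.2.11 row still reads "Proof-of-Posession" and could be corrected to "Proof-of-Possession" in a follow-up.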