Skip to content

Commit

Permalink
OWASP#1964 - limit response_mode values for the client by AS
Browse files Browse the repository at this point in the history
  • Loading branch information
Elar Lang committed Oct 12, 2024
1 parent a4fe478 commit a137ff1
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions 5.0/en/0x51-V51-OAuth2.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ There are various different personas in the OAuth process, described in more det
| **51.2.9** | [ADDED] Verify that grant type 'code' is always used together with pushed authorization requests (PAR). | | ||
| **51.2.10** | [ADDED] Verify that the client is confidential and the authorization server requires the use of strong client authentication methods (based on public-key cryptography and resistant to replay attacks), i. e. 'mTLS' or 'private-key-jwt'. | | ||
| **51.2.11** | [ADDED] Verify that the authorization server issues only sender-constrained (Proof-of-Posession) access tokens, either using mTLS certificate binding or Demonstration of Proof of Possession (DPoP). | | ||
| **51.2.12** | [ADDED] Verify that for a given client, the authorization server only allows the 'response_mode' value that this client needs to use. ||||

## V51.3 OAuth Client

Expand Down

0 comments on commit a137ff1

Please sign in to comment.