ASVS Requirement 10.3.4
- Level: 2
- Chapter: V10 OAuth and OIDC
- Section: V10.3 OAuth Resource Server
- Source: 0x19-V10-OAuth-and-OIDC.md
Description
Verify that, if the resource server requires specific authentication strength, methods, or recentness, it verifies that the presented access token satisfies these constraints. For example, it can do so using the OIDC 'acr', 'amr' and 'auth_time' claims respectively, if present.
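One way a resource server could enforce these constraints, shown as an added example that is not part of the ASVS text. It assumes the token's signature, issuer, audience and expiry were already validated and the claims decoded into a dict; AuthPolicy, check_auth_constraints and the acr value urn:example:acr:mfa are hypothetical names chosen for illustration.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthPolicy:
    """What one protected endpoint demands (hypothetical structure)."""
    accepted_acr: frozenset = frozenset()  # empty set: no strength requirement
    required_amr: frozenset = frozenset()  # every listed method must be present
    max_auth_age: Optional[int] = None     # seconds since user authentication
    clock_skew: int = 30                   # tolerated skew for auth_time

def check_auth_constraints(claims, policy, now=None):
    """Return the names of the claims that fail the policy (empty list = pass).

    Fails closed: a claim the policy depends on that is absent or has the
    wrong type counts as a failure, never as "no restriction".
    """
    now = int(time.time()) if now is None else now
    failures = []
    if policy.accepted_acr:
        acr = claims.get("acr")
        if not isinstance(acr, str) or acr not in policy.accepted_acr:
            failures.append("acr")
    if policy.required_amr:
        amr = claims.get("amr")
        if not isinstance(amr, list) or not policy.required_amr.issubset(
                m for m in amr if isinstance(m, str)):
            failures.append("amr")
    if policy.max_auth_age is not None:
        auth_time = claims.get("auth_time")
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
            failures.append("auth_time")
        elif (auth_time > now + policy.clock_skew          # claims a future login
              or now - auth_time > policy.max_auth_age):   # login is too old
            failures.append("auth_time")
    return failures

# Constructed sample data, not taken from a real token.
NOW = 1_700_000_000
POLICY = AuthPolicy(accepted_acr=frozenset({"urn:example:acr:mfa"}),
                    required_amr=frozenset({"otp"}), max_auth_age=300)
FRESH = {"acr": "urn:example:acr:mfa", "amr": ["pwd", "otp"], "auth_time": NOW - 120}
STALE = dict(FRESH, auth_time=NOW - 3600)
PWD_ONLY = {"acr": "urn:example:acr:pwd", "amr": ["pwd"], "auth_time": NOW - 10}
```

A non-empty result means the request should be rejected for that endpoint, even though the token itself is otherwise valid.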