ASVS Requirement 10.4.16

• Level: 3
• Chapter: V10 OAuth and OIDC
• Section: V10.4 OAuth Authorization Server
• Source: 0x19-V10-OAuth-and-OIDC.md

Description

Verify that the client is confidential and the authorization server requires the use of strong client authentication methods (based on public-key cryptography and resistant to replay attacks), such as mutual TLS ('tls_client_auth', 'self_signed_tls_client_auth') or private key JWT ('private_key_jwt').