ASVS Requirement 10.4.7

• Level: 2
• Chapter: V10 OAuth and OIDC
• Section: V10.4 OAuth Authorization Server
• Source: 0x19-V10-OAuth-and-OIDC.md

Description

Verify that if the authorization server supports unauthenticated dynamic client registration, it mitigates the risk of malicious client applications. It must validate client metadata such as any registered URIs, ensure the user's consent, and warn the user before processing an authorization request with an untrusted client application.