ASVS Requirement 10.4.9

• Level: 2
• Chapter: V10 OAuth and OIDC
• Section: V10.4 OAuth Authorization Server
• Source: 0x19-V10-OAuth-and-OIDC.md

Description

Verify that refresh tokens and reference access tokens can be revoked by an authorized user using the authorization server user interface, to mitigate the risk of malicious clients or stolen tokens.