ASVS Requirement 10.5.2

• Level: 2
• Chapter: V10 OAuth and OIDC
• Section: V10.5 OIDC Client
• Source: 0x19-V10-OAuth-and-OIDC.md

Description

Verify that the client uniquely identifies the user from ID Token claims, usually the 'sub' claim, which cannot be reassigned to other users (for the scope of an identity provider).