ASVS Requirement 10.5.4
- Level: 2
- Chapter: V10 OAuth and OIDC
- Section: V10.5 OIDC Client
- Source: 0x19-V10-OAuth-and-OIDC.md
Description
Verify that the client validates that the ID Token is intended to be used for that client (audience) by checking that the 'aud' claim from the token is equal to the 'client_id' value for the client.
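An added example (not part of ASVS or any project's code) of the audience check this requirement describes. It assumes the ID Token's signature has already been verified elsewhere, uses a constructed `client_id` and constructed sample tokens, and, as a stricter choice made for this example, also rejects an `aud` array that lists anything besides this client.

```python
import base64
import json

CLIENT_ID = "example-client-123"  # constructed value, an assumption for this example


class AudienceError(ValueError):
    """Raised when an ID Token is not intended for this client."""


def decode_claims(id_token: str) -> dict:
    """Decode the claims segment of a compact JWT. Signature checking is out of scope here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise AudienceError("not a three-part compact token")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # covers base64, UTF-8 and JSON decoding errors
        raise AudienceError("claims segment is not valid base64url JSON") from exc
    if not isinstance(claims, dict):
        raise AudienceError("claims segment is not a JSON object")
    return claims


def check_audience(claims: dict, client_id: str) -> None:
    """Accept only aud == client_id, given as a string or as a one-element array."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        audiences = [aud]
    elif isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        audiences = aud
    else:
        raise AudienceError("aud claim missing or malformed")
    if audiences != [client_id]:  # exact match: no prefix, substring or extra audiences
        raise AudienceError("ID Token was issued for a different audience")


def is_for_this_client(id_token: str, client_id: str = CLIENT_ID) -> bool:
    try:
        check_audience(decode_claims(id_token), client_id)
    except AudienceError:
        return False
    return True


def sample_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature (demo input only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"
```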