ASVS Requirement 10.6.2
- Level: 2
- Chapter: V10 OAuth and OIDC
- Section: V10.6 OpenID Provider
- Source: 0x19-V10-OAuth-and-OIDC.md
Description
Verify that the OpenID Provider mitigates denial of service through forced logout by obtaining explicit confirmation from the end-user or, if present, validating parameters in the logout request (initiated by the relying party), such as the 'id_token_hint'.
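
One way an OpenID Provider's logout endpoint could apply this requirement, shown as an added example that is not part of ASVS or of any particular provider's code. Assumptions: HS256 with a demo key stands in for the provider's own signature verification, and `ISSUER`, the session layout and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

ISSUER = "https://op.example"  # assumed issuer identifier for this sketch

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_id_token(claims, key):
    """Build a constructed HS256 ID Token, used only to feed the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verified_claims(token, key):
    """Return the claims if the signature checks out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None  # reject "none" and any unexpected algorithm
        want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        return claims if isinstance(claims, dict) else None
    except (ValueError, AttributeError):
        return None  # malformed token: treat as if no usable hint was sent

def decide_logout(session, id_token_hint, key):
    """'logout' only when the hint binds to the current session, else 'confirm'."""
    if not id_token_hint:
        return "confirm"  # no hint: the end-user must confirm explicitly
    claims = verified_claims(id_token_hint, key)
    # Sketch assumes a single-string "aud"; "exp" is not checked here.
    if (claims is None
            or claims.get("iss") != ISSUER
            or claims.get("sub") != session["sub"]
            or claims.get("sid") != session["sid"]
            or claims.get("aud") not in session["clients"]):
        return "confirm"  # hint does not match this session: fall back to asking
    return "logout"
```

A request whose hint fails any check is not rejected outright; it falls back to the confirmation prompt, so a cross-site request cannot end the session silently.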