ASVS Requirement 10.7.2
- Level: 2
- Chapter: V10 OAuth and OIDC
- Section: V10.7 Consent Management
- Source: 0x19-V10-OAuth-and-OIDC.md
Description
Verify that when the authorization server prompts for user consent, it presents sufficient and clear information about what is being consented to. When applicable, this should include the nature of the requested authorizations (typically based on scope, resource server, Rich Authorization Requests (RAR) authorization details), the identity of the authorized application, and the lifetime of these authorizations.
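As an added illustration (not ASVS text or any project's code), the Python below builds the content of a consent prompt from a parsed authorization request, covering each element the requirement names: the client's identity, the requested scopes, resource indicators, RFC 9396 `authorization_details` entries, and the lifetime of the grant. The scope catalogue, function names and sample request are constructed for the example; unknown scopes fail closed so the user is never asked to approve something the server cannot explain.

```python
import json

# Constructed, hypothetical scope catalogue; a real server would load this from configuration.
SCOPE_DESCRIPTIONS = {
    "openid": "Confirm your identity",
    "profile": "Read your basic profile (name, picture)",
    "calendar.read": "Read your calendar events",
}


class ConsentError(ValueError):
    """Raised when the request cannot be described clearly enough to ask for consent."""


def describe_authorization_detail(detail):
    """Render one RFC 9396 authorization_details object as a single plain-text line."""
    if "type" not in detail:
        raise ConsentError("authorization_details entry without 'type'")
    parts = [detail["type"]]
    if "actions" in detail:
        parts.append("actions: " + ", ".join(detail["actions"]))
    if "locations" in detail:
        parts.append("at: " + ", ".join(detail["locations"]))
    if "datatypes" in detail:
        parts.append("data: " + ", ".join(detail["datatypes"]))
    return " | ".join(parts)


def build_consent_summary(request, client_name, token_lifetime_s, refresh_lifetime_s=None):
    """Return the lines a consent screen should show for `request`, a dict of the
    parsed authorization request parameters. Lifetimes are given in seconds."""
    lines = [f"{client_name} is requesting access to your account."]
    for scope in request.get("scope", "").split():
        if scope not in SCOPE_DESCRIPTIONS:
            # Fail closed: an undescribable scope must not reach the consent screen.
            raise ConsentError(f"unknown scope {scope!r}")
        lines.append(f"- {SCOPE_DESCRIPTIONS[scope]} ({scope})")
    if "resource" in request:  # RFC 8707 resource indicator(s), one or several
        resources = request["resource"]
        if isinstance(resources, str):
            resources = [resources]
        lines.append("Resource servers: " + ", ".join(resources))
    if "authorization_details" in request:  # RAR: a JSON array of objects
        for detail in json.loads(request["authorization_details"]):
            lines.append("- " + describe_authorization_detail(detail))
    lifetime = f"Access lasts {token_lifetime_s // 60} minutes"
    if refresh_lifetime_s:
        lifetime += f"; offline access for {refresh_lifetime_s // 86400} days"
    lines.append(lifetime + ".")
    return lines
```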