RFC7523

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

This specification defines the use of a JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for client authentication. This document is an officially published standard.

Full text: https://tools.ietf.org/html/rfc7523

Countermeasures

This document introduces a number of security countermeasures for OAuth. The OAuch tests related to these countermeasures are:

• Jwt.SupportsJwtClientAuthenticationTest
• Jwt.HasIssuerClaimTest
• Jwt.HasSubjectClaimTest
• Jwt.HasAudienceClaimTest
• Jwt.IsExpirationCheckedTest
• Jwt.IsNotBeforeCheckedTest
• Jwt.IsIssuedAtCheckedTest
• Jwt.IsJwtReplayDetectedTest
• Jwt.IsSignatureRequiredTest
• Jwt.IsSignatureCheckedTest

Back to the documents overview