TokenEndpoint.ClientSecretEntropyMinReq

Is the client secret secure (128 bits)

This test calculates the entropy of the client secret and verifies that it conforms to the required minimum length of 128 bits

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 10.10 (must)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.1.4.2.2 (should)

Back to the test case overview or the threat overview