TokenEndpoint.IsHttpsRequired

Is HTTPS required at the token endpoint

This test checks whether the token endpoint enforces HTTPS connections.

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 3.2.1 (must)
• The OAuth 2.0 Authorization Framework: Bearer Token Usage (RFC6750), section 5.2 (must)
• RFC8628 - OAuth 2.0 Device Authorization Grant (RFC8628), section 3.4 (must)
• Proof Key for Code Exchange by OAuth Public Clients (RFC7636), section 7.5 (must)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.1.1 (must)
• OpenID Connect Core 1.0 incorporating errata set 1 (OIDC), section 3.1.3 (must)
• Financial-grade API Security Profile (FAPI) 1.0 – Part 1: Baseline (FAPI1Base), section 7.1 (must)
• Financial-grade API Security Profile (FAPI) 1.0 – Part 2: Advanced (FAPI1Adv), section 8.5 (must)

Back to the test case overview or the threat overview