TokenEndpoint.MultipleCodeExchanges

Can codes be exchanged multiple times

This test checks if the token server allows authorization codes to be used multiple times.

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 4.1.2 (must)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.1.1 (must)
• OAuth 2.0 Security Best Current Practice (draft 25) (SecBCP), section 4.2.4 (must)
• Financial-grade API Security Profile (FAPI) 1.0 – Part 1: Baseline (FAPI1Base), section 5.2.2 (must)
• OAuth 2.0 Attacks & Defenses (AttsDefs), section unknown (must)

Back to the test case overview or the threat overview