TokenEndpoint.IsRefreshBoundToClient

Is the refresh token bound to a client

This test checks if the refresh token is bound to a specific client.

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 10.4 (must)
• OAuth 2.0 Threat Model and Security Considerations (RFC6819), section 5.2.2.2 (should)
• OAuth 2.0 Security Best Current Practice (SecBCP), section 4.13.2 (must)

Back to the test case overview or the threat overview