Tokens.RefreshTokenEntropySugReq

Are the refresh tokens secure (160 bits)

This test calculates the entropy of the refresh tokens and verifies that it conforms to the suggested requirements of 160 bits

View source code on GitHub

Documents

This test is part of the following document(s):

• The OAuth 2.0 Authorization Framework (RFC6749), section 10.10 (should)
• Financial-grade API Security Profile (FAPI) 1.0 – Part 1: Baseline (FAPI1Base), section 5.2.2 (must)

Back to the test case overview or the threat overview