7009_2

Unauthorized revocation of tokens

An authorization server that supports token revocation must establish ownership of a token before revoking it: it first authenticates the requesting client (for a confidential client, by validating its client credentials) and then verifies that the token was issued to that client. If either check fails, the request is refused and the client is informed of the error. Without this check, any client holding a token value could revoke tokens that belong to another client.
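The following is an added example, not code from the original page or from any OAuth library: a minimal revocation endpoint handler in Python that performs the two checks in the order RFC 7009 section 2.1 describes (client authentication, then token ownership). The client registry, token table, token values and the choice of a 400 `unauthorized_client` error for a token issued to another client are constructed assumptions for illustration; returning 200 for an unknown token follows RFC 7009 section 2.2, which says invalid tokens do not cause an error response.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data (assumption, not real credentials): two registered
# confidential clients and the tokens the server has issued to each of them.
CLIENTS = {
    "client-a": "secret-a",
    "client-b": "secret-b",
}


@dataclass
class TokenRecord:
    client_id: str   # the client this token was issued to
    token_type: str  # "access_token" or "refresh_token"
    revoked: bool = False


TOKENS = {
    "tok-a-1": TokenRecord("client-a", "access_token"),
    "tok-b-1": TokenRecord("client-b", "refresh_token"),
}


def authenticate_client(client_id: str, client_secret: str) -> bool:
    """Step 1 of RFC 7009 section 2.1: validate the confidential client's credentials."""
    expected = CLIENTS.get(client_id)
    if expected is None:
        return False
    # Constant-time comparison so secret checking does not leak by timing.
    return hmac.compare_digest(expected.encode(), client_secret.encode())


def handle_revocation(client_id: str, client_secret: str, token: str):
    """Handle POST /revoke; returns (HTTP status, JSON body) for the response."""
    # 1. Authenticate the client before doing anything with the token.
    if not authenticate_client(client_id, client_secret):
        return 401, {"error": "invalid_client"}

    record = TOKENS.get(token)
    # Unknown or already-invalid token: no error, per RFC 7009 section 2.2.
    if record is None:
        return 200, {}

    # 2. Ownership check: the token must have been issued to the requesting
    #    client. Omitting this step is exactly the "unauthorized revocation"
    #    threat, since client-b could then revoke client-a's tokens.
    if not hmac.compare_digest(record.client_id.encode(), client_id.encode()):
        # Assumption: the RFC requires refusal and an error, but leaves the
        # specific error code to the implementer; unauthorized_client is used here.
        return 400, {"error": "unauthorized_client"}

    record.revoked = True
    return 200, {}


def is_revoked(token: str) -> bool:
    """Helper used by resource servers (and tests) to see whether a token is dead."""
    record = TOKENS.get(token)
    return record is None or record.revoked


if __name__ == "__main__":
    # Cross-client attempt is refused and leaves the token alive.
    print(handle_revocation("client-b", "secret-b", "tok-a-1"), is_revoked("tok-a-1"))
    # Owner revokes its own token.
    print(handle_revocation("client-a", "secret-a", "tok-a-1"), is_revoked("tok-a-1"))
```

Design note: an implementation that wants to avoid telling a client whether a token value exists at all may instead answer 200 to a non-owned token without revoking it, since the RFC's requirement is that the token is not revoked, while the error signalling is left to the implementer; whichever response is chosen, the ownership check itself must run before any state change.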

OAuth 2.0 Token Revocation (RFC 7009, section 2.1)

Mitigations

This threat is considered fully mitigated if all the test cases from the following test set succeed.

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.
