oauth/oidc - tokens only for intended purpose, #2005

OWASP · Sep 18, 2024 · 8547e99 · 8547e99
1 parent 21ed246
commit 8547e99
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/5.0/en/0x51-V51-OAuth2.md b/5.0/en/0x51-V51-OAuth2.md
@@ -8,8 +8,7 @@ There are various different personas in the OAuth process, described in more det
 
 | # | Description | L1 | L2 | L3 |
 | :---: | :--- | :---: | :---: | :---: |
-
-
+| **51.1.1** | [ADDED] Verify that tokens (such as ID tokens, access tokens and refresh tokens) can only be used for their intended purpose. For example, ID tokens can only be used to prove user authentication for the client. | ✓ | ✓ | ✓ |
 
 ## V51.2 OAuth Authorization Server