From e053d93e2a6bb31ce68729a93721b0f0aad4a0ea Mon Sep 17 00:00:00 2001 From: Elar Lang <47597707+elarlang@users.noreply.github.com> Date: Thu, 21 Nov 2024 08:20:39 +0200 Subject: [PATCH] updates for consent requirements --- 5.0/en/0x51-V51-OAuth2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/5.0/en/0x51-V51-OAuth2.md b/5.0/en/0x51-V51-OAuth2.md index 34d5c8efbf..cdc135192d 100644 --- a/5.0/en/0x51-V51-OAuth2.md +++ b/5.0/en/0x51-V51-OAuth2.md 
@@ -37,8 +37,8 @@ Given the complexity of the area, it is vitally important for a secure OAuth or | **51.2.13** | [ADDED] Verify that refresh tokens have an absolute expiration, including if sliding refresh token expiration is applied. | ✓ | ✓ | ✓ | | **51.2.14** | [MODIFIED, MOVED FROM 3.5.1] Verify that refresh tokens and reference access tokens can be revoked by an authorized user. It can be achieved by using the authorization server user interface, or by a client that is using authorization server APIs for revocation. | | ✓ | ✓ | | **51.2.15** | [ADDED] Verify that, for a server-side client (which is not executed on the end-user device), the authorization server ensures that the 'authorization_details' parameter value is from the client backend and that the user has not tampered with it. For example by requiring the usage of pushed authorization request (PAR) or JWT-secured authorization request (JAR). | | | ✓ | -| **51.2.16** | [ADDED] Verify that the authorization server ensures that the user consents to each authorization request. If the identity of the client cannot be assured, the authorization server must always explicitly prompt the user for consent. | ✓ | ✓ | ✓ | -| **51.2.17** | [ADDED] Verify that when the authorization server prompts for user consent, it presents sufficient and clear information about what is being consented to. This should include, when applicable: the nature of the requested authorizations (typically based on scope, resource servers, RAR authorization details), the identity of the authorized application and the lifetime of these authorizations. | ✓ | ✓ | ✓ | +| **51.2.16** | [ADDED] Verify that the authorization server ensures that the user consents to each authorization request. If the identity of the client cannot be assured, the authorization server must always explicitly prompt the user for consent. 
| | ✓ | ✓ | +| **51.2.17** | [ADDED] Verify that when the authorization server prompts for user consent, it presents sufficient and clear information about what is being consented to. When applicable this should include the nature of the requested authorizations (typically based on scope, resource server, rich authorization requests (RAR) authorization details), the identity of the authorized application and the lifetime of these authorizations. | | ✓ | ✓ | ## V51.3 OAuth Client
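Review bot: the level change in this hunk is not explained by the commit message. For both 51.2.16 and 51.2.17 the Level 1 check mark is dropped (`| ✓ | ✓ | ✓ |` becomes `| | ✓ | ✓ |`), while the only wording change is in 51.2.17 (expanding "RAR" to "rich authorization requests (RAR)" and "resource servers" to "resource server"); the subject "updates for consent requirements" reads as an editorial touch-up, so readers of the history will not see that explicit user consent and a clear consent screen are now Level 2+ rather than Level 1. Suggest stating the rationale for moving these two requirements out of Level 1 in the commit message or the PR. Two minor points on the text itself: 51.2.16 keeps "the authorization server must always explicitly prompt the user for consent" inside a "Verify that" requirement, whereas the neighbouring 51.2.13 to 51.2.15 phrase their conditions without "must"; and "resource server" in 51.2.17 became singular while "requested authorizations" and "these authorizations" in the same sentence stay plural, so "resource servers" would read more consistently.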