10.9. 确保端点真实性(10.9. Ensuring Endpoint Authenticity)
10.9. 确保端点真实性
为了防止中间人攻击,授权服务器必须对任何被发送到授权和令牌端点的请求要求RFC2818中定义的具有服务器身份验证的TLS 的使用。客户端必须按RFC6125定义且按照它服务器身份进行身份验证的需求验证授权服务器的的TLS证书。
10.9. Ensuring Endpoint Authenticity
In order to prevent man-in-the-middle attacks, the authorization
server MUST require the use of TLS with server authentication as
defined by [RFC2818] for any request sent to the authorization and
token endpoints. The client MUST validate the authorization server's
TLS certificate as defined by [RFC6125] and in accordance with its
requirements for server identity authentication.
No Comments