Ensuring that an OAuth 2.0 monitor sequence is properly formed allows critical workflows to operate reliably. We evaluate a number of specific criteria required for a valid OAuth 2.0 sequence, across various endpoints.

Authorization endpoint

We review a variety of characteristics including HTTPS scheme, TLS, query parameters, tags, and URL fragments.
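The following is an added example, not this product's code or its actual rule set: it checks an authorization request URL for scheme, fragment, and query-parameter problems, using rules assumed from RFC 6749 (sections 3.1, 3.1.2 and 4.1.1). The function name and the sample URLs are constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

def check_authorization_request(url):
    """Return findings for an authorization request URL (empty list = passes).
    Hypothetical helper; TLS itself is not tested because this runs offline."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("scheme is not https")
    if not parts.hostname:
        findings.append("no host in URL")
    # RFC 6749 3.1: the endpoint URI must not include a fragment component.
    if "#" in url:
        findings.append("URL contains a fragment")
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    params = dict(pairs)
    # RFC 6749 3.1: a parameter must not be included more than once.
    for name, n in sorted(counts.items()):
        if n > 1:
            findings.append(f"parameter repeated: {name}")
    # RFC 6749 4.1.1: response_type and client_id are required.
    for required in ("response_type", "client_id"):
        if not params.get(required):
            findings.append(f"missing required parameter: {required}")
    if not params.get("state"):
        findings.append("missing state (recommended for CSRF protection)")
    # RFC 6749 3.1.2: redirect_uri must be absolute and carry no fragment.
    redirect = params.get("redirect_uri")
    if redirect is not None:
        r = urlsplit(redirect)
        if not r.scheme:
            findings.append("redirect_uri is not absolute")
        if r.fragment:
            findings.append("redirect_uri contains a fragment")
    return findings

# Constructed sample requests (not taken from any real deployment).
GOOD = ("https://auth.example.com/authorize?response_type=code"
        "&client_id=monitor-client&state=xyz123"
        "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fcb")
BAD = ("http://auth.example.com/authorize?response_type=code"
       "&response_type=token&redirect_uri=%2Fcb#frag")

if __name__ == "__main__":
    for label, url in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_authorization_request(url) or "no findings")
```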

Token endpoint

We review a variety of characteristics including HTTPS scheme, TLS, header and body parameters, JWT criteria, and claims.

Resource server endpoint

We review a variety of characteristics including HTTPS scheme, TLS, header and body parameters, token type criteria, and claims.