differing language over when client notification endpoint called

Issue #138 resolved
Joseph Heenan created an issue

If the Client is registered in Ping mode, the OpenID Provider will send an HTTP POST Request to the Client Notification Endpoint either when the end-user is well authenticated and has authorized the request or if the end-user has denied the request.

and elsewhere:

It is the endpoint the OP will call after a successful or failed end-user authentication.

I think the "has denied the request" language in the first one is incorrect given the OP may send the push with expired_token if auth_req_id has expired.

Comments (7)

  1. Dave Tonge

    Do you think we should just use the language from your second example: "after a successful or failed end-user authentication"?

  2. Brian Campbell

    I do think we want to allow for the end user denying the request, but that can be rolled up in a failed authentication.
