- edited description
differing language over when client notification endpoint called
If the Client is registered in Ping mode, the OpenID Provider will send an HTTP POST Request to the Client Notification Endpoint either when the end-user is well authenticated and has authorized the request or if the end-user has denied the request.
and elsewhere:
It is the endpoint the OP will call after a succesful or failed end-user authentication.
I think the "has denied the request" language in the first one is incorrect given the OP may send the push with expired_token if auth_req_id has expired.
Comments (7)
-
reporter -
Do you think we should just use the language from your second example: "after a succesful or failed end-user authentication"
-
-
assigned issue to
- changed milestone to CIBA Implementer's Draft
-
assigned issue to
-
reporter Yeah, I think that works.
-
Thanks, its here now: https://bitbucket.org/openid/mobile/commits/c2d403e3ff2e670ce1439c2b07c6b19b6461da33
-
I do think we want to allow for the end user denying the request but that can be rolled up in a failed authentication
-
- changed status to resolved
I'm gonna call this one good with Dave's c2d403e
- Log in to comment