Ambiguity in user_code parameter
section 7.1.2 of CIBA specification describes about user_code which is often used then and there.But the information is bit ambiguous.Better if it is described in a better way.
Comments (7)
-
-
reporter Let me be clear.
Is the user_code is like a password that the user provides every time when he triggers authentication request through the client?
And the server needs to authenticate the user with that user_code[as a password] and then request authentication device to authorize.
-
- marked as minor
-
assigned issue to
-
must not be the password used to authenticate at the op
-
Add text to the first and last paragraphs of the user code section. For example remove SMS as a mechanism for receiving the user code.
-
-
- changed status to resolved
Merged in i162 (pull request
#76) to fix issue#162Editorial changes to better introduce the user code mechanism
Approved-by: Brian Campbell
Approved-by: Bjorn Hjelm
→ <<cset e21826fbcb9b>>
- Log in to comment
Hi Vivek, pls can you give us some more details on this - perhaps with some suggested text.