CIBA: Expiration Time

Issue #78 resolved
Dave Tonge created an issue

The section on Authentication Request Acknowledgment Validation has this phrase:

The Client will have to keep the expiration time as well to be able to discard the authentication request acknowledgment.

I'm not sure what this means and I think it can be removed.

Comments (6)

  1. Dave Tonge reporter

    We discussed this issue on the call today. Those on the call understood the text to mean that the Client should keep track of when auth requests expire, so that they can clean up their state in the event that they receive no notification for a specific auth request.

    We agreed to tidy up the wording and to explicitly specify the expected behaviour when an auth request expires.

  2. Gonzalo Fernández

    Yes, the text means that the client must keep track of the auth requests expiration, to clean up their state when receiving no notification for a request or even to reject a notification for an expired request. I agree to better document this behaviour.

  3. Log in to comment