CIBA: Expiration Time

Issue #78 resolved

Dave Tonge created an issue 2018-08-29

The section on Authentication Request Acknowledgment Validation has this phrase:

The Client will have to keep the expiration time as well to be able to discard the authentication request acknowledgment.

I'm not sure what this means and I think it can be removed.

Comments (6)

Dave Tonge reporter
We discussed this issue on the call today. Those on the call understood the text to mean that the Client should keep track of when auth requests expire, so that they can clean up their state in the event that they receive no notification for a specific auth request.

We agreed to tidy up the wording and to explicitly specify the expected behaviour when an auth request expires.
- 2018-09-11T19:19:51+00:00
Gonzalo Fernández
Yes, the text means that the client must keep track of the auth requests expiration, to clean up their state when receiving no notification for a request or even to reject a notification for an expired request. I agree to better document this behaviour.
- 2018-09-13T13:56:30+00:00
Dave Tonge reporter
- assigned issue to
  
  Dave Tonge
- 2018-09-25T14:22:12+00:00
Dave Tonge reporter
https://bitbucket.org/openid/mobile/pull-requests/21/clean-up-explanation-of-expiration-time/diff
- 2018-10-02T08:04:25+00:00
Dave Tonge reporter
I'll deal with the error descriptions in a pull request related to issue ~~#81~~ or ~~#85~~
- 2018-10-02T08:05:26+00:00
Brian Campbell
- changed status to resolved
merged pull request ~~#21~~
- 2018-10-05T12:50:26+00:00
Log in to comment