CIBA: Expiration Time
Issue #78
resolved
The section on Authentication Request Acknowledgment Validation has this phrase:
The Client will have to keep the expiration time as well to be able to discard the authentication request acknowledgment.
I'm not sure what this means and I think it can be removed.
Comments (6)
-
reporter -
Yes, the text means that the client must keep track of the auth requests expiration, to clean up their state when receiving no notification for a request or even to reject a notification for an expired request. I agree to better document this behaviour.
-
reporter -
assigned issue to
-
assigned issue to
-
reporter -
reporter -
- changed status to resolved
merged pull request
#21 - Log in to comment
We discussed this issue on the call today. Those on the call understood the text to mean that the Client should keep track of when auth requests expire, so that they can clean up their state in the event that they receive no notification for a specific auth request.
We agreed to tidy up the wording and to explicitly specify the expected behaviour when an auth request expires.