1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. mobile
  4. Issues

CIBA: New notification callback behaviour when token request is made before notification received

Issue #80 resolved
Dave Tonge created an issue

The new notification callback mode will allow a Client to call the token endpoint with the backchannel grant type.

If the Client calls the endpoint before receiving a notification should the error be the same as for polling, i.e.

The authorization request is still pending as the end-user hasn't yet been authenticated.

Or should there be a different error message.

At the heart of this issue is the question - can a Client configured to receive a notification that auth has happened also poll the token endpoint?

Comments (4)

  2. Brian Campbell

    In my thinking about it, the the notification callback is just an shortcut way to tell the client that the tokens/result is ready. But that it was otherwise the same as polling. So I would have answered yes to the "can a Client configured to receive a notification that auth has happened also poll the token endpoint?" question.

    We could have a different error for it. And maybe even additional behavior in that situation, like invalidating the transaction. But I'm not sure I see any value in differentiating the cases.

  3. Dave Tonge reporter

    There was agreement that the 2 modes should be treated the same - essentially a client in "ping" mode can also "poll".

  5. Log in to comment
Assignee
Type
bug
Priority
minor
Status
resolved
Component
CIBA
Milestone
Votes
0
Watchers
0
Jira: the preferred issue tracker for Bitbucket. Join the team!