- edited description
CIBA: New notification callback behaviour when token request is made before notification received
The new notification callback mode will allow a Client to call the token endpoint with the backchannel grant type.
If the Client calls the endpoint before receiving a notification should the error be the same as for polling, i.e.
The authorization request is still pending as the end-user hasn't yet been authenticated.
Or should there be a different error message.
At the heart of this issue is the question - can a Client configured to receive a notification that auth has happened also poll the token endpoint?
Comments (4)
-
reporter -
In my thinking about it, the the notification callback is just an shortcut way to tell the client that the tokens/result is ready. But that it was otherwise the same as polling. So I would have answered yes to the "can a Client configured to receive a notification that auth has happened also poll the token endpoint?" question.
We could have a different error for it. And maybe even additional behavior in that situation, like invalidating the transaction. But I'm not sure I see any value in differentiating the cases.
-
reporter There was agreement that the 2 modes should be treated the same - essentially a client in "ping" mode can also "poll".
-
reporter - changed status to resolved
- Log in to comment