[Openid-specs-mobile-profile] Issue #135: token endpoint response when client polls quicker than 'interval' may be unclear (openid/mobile)
Joseph Heenan
issues-reply at bitbucket.org
Fri Dec 14 12:04:20 UTC 2018
New issue 135: token endpoint response when client polls quicker than 'interval' may be unclear
https://bitbucket.org/openid/mobile/issues/135/token-endpoint-response-when-client-polls
Joseph Heenan:
7.3. Successful Authentication Request Acknowledgement says:
> interval OPTIONAL. The minimum amount of time in seconds that the Client MUST wait between polling requests to the token endpoint.
I think it's unclear what error an AS should return if a client violates the rule - I think it would be valid to return 'slow_down' but I think it's possible to form an argument that 'invalid_request' or another error might also be valid.
It may be in the interests of interoperability to define the behaviour in this case.
I think I would tend towards treating it as a hard error to ensure that clients that accidentally poll more often than they should are discovered and fixed.
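One way an authorization server could enforce the `interval` rule on its token endpoint, with both behaviours the issue weighs (recoverable `slow_down` versus a hard `invalid_request`) selectable per request. This is an added illustration, not code from the issue or the CIBA spec; `auth_req_id`, `PendingAuth`, `token_poll`, the in-memory store and the choice to discard the request on a hard error are assumptions.

```python
# Added example: an AS-side check for polls that arrive faster than the
# 'interval' value returned in the authentication request acknowledgement.
# Names (auth_req_id, PendingAuth, token_poll) are assumptions for the
# illustration, not identifiers taken from the issue or the spec text.

class PendingAuth:
    """Server-side state for one outstanding backchannel authentication."""

    def __init__(self, interval: int, hard_error: bool = False):
        self.interval = interval        # seconds, as sent to the client
        self.hard_error = hard_error    # policy: reject early polls outright
        self.last_poll = None           # time of the last poll, None if none yet
        self.status = "pending"         # "pending" or "authorized"


def token_poll(store: dict, auth_req_id: str, now: float):
    """Handle one token-endpoint poll; return (http_status, json_body)."""
    req = store.get(auth_req_id)
    if req is None:
        return 400, {"error": "invalid_grant"}
    early = req.last_poll is not None and now - req.last_poll < req.interval
    req.last_poll = now  # an early poll still restarts the client's wait (assumption)
    if early:
        if req.hard_error:
            # Policy the issue leans towards: make the violation a hard error so
            # misbehaving clients get noticed; the request is discarded (assumption).
            del store[auth_req_id]
            return 400, {"error": "invalid_request",
                         "error_description": "polled before interval elapsed"}
        return 400, {"error": "slow_down"}
    if req.status == "pending":
        return 400, {"error": "authorization_pending"}
    del store[auth_req_id]  # constructed single-use token for the example
    return 200, {"access_token": "constructed-token", "token_type": "Bearer"}
```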