[Openid-specs-mobile-profile] Issue #143: CIBA: error=expired_token in the push mode (openid/mobile)

Takahiko Kawasaki issues-reply at bitbucket.org
Tue Dec 25 18:55:49 UTC 2018

New issue 143: CIBA: error=expired_token in the push mode

Takahiko Kawasaki:

*"12. Push Error Payload"* lists `expired_token` as an `error` code and its description says as follows.

> The `auth_req_id` has expired. The Client will need to make a new Authentication Request. OpenID Providers are not required to send this error, but Clients SHOULD support receiving this error.

However, there is no chance that OpenID provider implementations use the error code in the push mode unless the implementations repurpose the error code, for example, for a case where end-user authentication and authorization could not finish in a reasonable amount of time which is longer than the lifetime of the `auth_req_id`. So, I'm afraid it would be better to remove `expired_token` from the list of error codes applicable to the push error payload.
