[Openid-specs-mobile-profile] Issue #138: differing language over when client notification endpoint called (openid/mobile)
Joseph Heenan
issues-reply at bitbucket.org
Fri Dec 14 12:46:27 UTC 2018
New issue 138: differing language over when client notification endpoint called
https://bitbucket.org/openid/mobile/issues/138/differing-language-over-when-client
Joseph Heenan:
> If the Client is registered in Ping mode, the OpenID Provider will send an HTTP POST Request to the Client Notification Endpoint either when the end-user is well authenticated and has authorized the request or if the end-user has denied the request.
> It is the endpoint the OP will call after a succesful or failed end-user authentication.
I think the "has denied the request" language in the first one is incorrect given the OP may send the push with expired_token if auth_req_id has expired.
More information about the Openid-specs-mobile-profile
mailing list