User-Interactive Authentication: What to respond when a client attempts to complete an already-completed stage? #1987
Labels
clarification
An area where the spec could do with being more explicit
client-server
Client-Server API
Projects
In the User-Interactive Authentication part of the specification, it states that the response contains an array of completed stages, as well as how to handle authentication stage attempts.
However, it does not specify what the correct behaviour would be if the client attempts to authenticate to a stage that has already been completed. Should it:
In particular considering the potential need for supporting retransmission of authentication attempts when the connection is shaky, I suspect that it should be option 1 or 2, but I'm not sure.
The text was updated successfully, but these errors were encountered: