PrivacyIDEA should determine the expiration status of a challenge internally #1837
Token-challenges have an expiry associated with them. Currently it is left to the client talking to PI to check, whether a challenge is actually still valid, before allowing the user to sign in.
This leads to several problems:
A nicer way to handle this, would be to add a Boolean indicating whether a challenge has expired to /token/challenges