Hi all,
I am using a client with urn:ietf:wg:oauth:2.0:oob.
If a user has too long to change his password, he will retrieve an error message. However, he can not restart the authentication process.
As far as I understand the verifyAction method in the LoginActionsService, only the "authentication" action will reset the authentication flow. I think it would make sense to reset the authentication flow also if a user has too long to change his password or so.
What do you think?
Michael