Hi all,

I am using a client with urn:ietf:wg:oauth:2.0:oob.
If a user has too long to change his password, he will retrieve an error message. However, he can not restart the authentication process. 

As far as I understand the verifyAction method in the LoginActionsService, only the "authentication" action will reset the authentication flow. I think it would make sense to reset the authentication flow also if a user has too long to change his password or so. 

What do you think?

Michael