Notifications do not expire as is common with many MFA solutions today?
Repro or Code Sample
Expected Behavior
Is this by design? What should be the expected behavior?
If a user taps on a notification that has passed the expiration time, the app should tell them that it is no longer valid, or the app could just remove the notifications for any expired requests.
Current Behavior
If requests do expire, it is not clear from a user's perspective using the app. Based on testing however, notifications that were at least an hour old could still be authenticated.
Possible Solution
Could this be a configuration option for branded apps, or organizations?
relates to #6
Context
Your Environment
OS & Device: [e.g. MacOS, iOS, Windows, Linux] on [iPhone 7, PC]
Browser [e.g. Microsoft Edge, Google Chrome, Apple Safari, Mozilla FireFox]
Bug Report
Notifications do not expire as is common with many MFA solutions today?
Repro or Code Sample
Expected Behavior
Is this by design? What should be the expected behavior?
If a user taps on a notification that has passed the expiration time, the app should tell them that it is no longer valid, or the app could just remove the notifications for any expired requests.
Current Behavior
If requests do expire, it is not clear from a user's perspective using the app. Based on testing however, notifications that were at least an hour old could still be authenticated.
Possible Solution
Could this be a configuration option for branded apps, or organizations? relates to #6
Context
Your Environment