1

When testing with login "tfa_choice", I chose answer "Fail" to the question. As expected, the login failed. However, submitting another answer, like "Wilson" with the same challenge_session_id, challenge_node_id and challenge_id, I got back the AggCatException 408:

The challengeSessionId cannot be found or has expired

The second submission was within a minute from the first one. Is this result expected in the sense that the challengeSessionId is expired right after the first answer?

Manas Mukherjee
  • 5,270
  • 3
  • 18
  • 30
hngo
  • 151
  • 6
  • It looks like an expected behavior. Ref Doc - https://developer.intuit.com/docs/0020_customeraccountdata/customer_account_data_api/0020_api_documentation/0020_discoverandaddaccounts#Status_Codes When u r submitting the request for the 2nd time, please check if you r getting a different nonce and timestamp value. Ref - http://oauth.net/core/1.0/#nonce "A nonce is a random string, uniquely generated for each request. The nonce allows the Service Provider to verify that a request has never been made before". I can test and confirm this behavior on Monday. Thanks – Manas Mukherjee Jul 27 '13 at 05:57

1 Answers1

1

A challenge session id is only valid for one challenge. If the challenge fails a new discover call will need to be made to re-answer the question. If the response of the challenge takes longer than 5 minute the session has timed out and will return the same error message.

Ben Gummelt
  • 101
  • 3