'Waiting' outcome of Push Result Verifier node causing excessive push authentication requests #2
Description
Hi there
Thanks for sharing this code.
In following the example flow you're proposing, I noticed a small error. I believe the 'Waiting' outcome for the Push Result Verifier node makes more sense to re-enter the Polling Wait node (as opposed to the Retry Limit Decision node).
The AM 6.5 - Authentication and Single Sign-On Guide explains this in more detail:
If the user has not yet responded, the tree loops back a step and the Polling Wait node pauses the authentication tree for another 8 seconds.
The Push Result Verifier node completes every 8 seconds, typically 'Waiting' for the user (in a repeated cycle of polling for an answer on the active push authentication request).
It appears the Retry Limit Decision node is instead intended for sending entirely new push authentication requests when s/he hasn't been answering them (within 2 minutes each time, or as per the Message Timeout value specified for the Push Sender node).
Therefore, for the Push Result Verifier node, the 'Expired' outcome enters the Retry Limit Decision node and the 'Waiting' outcome re-enters the Polling Wait node. And for the Retry Limit Decision node, the 'Retry' outcome re-enters the Push Sender node.
Reference
https://backstage.forgerock.com/docs/am/6.5/authentication-guide/#auth-node-push-sender