Archived 2022.11.20. Content moved to Frequently asked error scenarios and their responses.
Question
When a consent has sharing_duration
=0, the cdr_arrangement_id
and consent are immediately expired upon creation.
Is this cdr_arrangement_id
displayed as expired in the Data Holder (DH) dashboard?
Can the consumer initiate a Withdrawal on this cdr_arrangement_id
?
Can the Accredited Data Recipient (ADR) still call the DH revocation end point with this cdr_arrangement_id
?
Answer
No withdrawal mechanism is required.
One-time consent with a sharing_duration=0 means the DH only issues an access token and no refresh token is issued. In this case, the consent remains accessible for the duration of the access token. This duration is DH dependent but must be between 2 and 10 minutes.
A consumer could initiate withdrawal on the ADR side,but practically speaking it is of limited benefit. An ADR may offer this functionality, however there is no point offering withdrawal if the consent has already expired.
The DH is expected to return an error if the revocation end point is called for an arrangement that has expired.
See:
Comments
0 comments
Please sign in to leave a comment.