2.1.4 Repeated authorization
Until the unauthorized channel is fully closed it is possible to attempt authorization again after unsuccessful authorization. It is a simple way of combining for example the implicit and explicit authorization. Application first tries the implicit authorization and when denied it requests login and password from the user and carries out explicit authorization. Repetition can be carried out after the bridge sends element auth with the attribute Status set to denial (i.e. not OK, not CONTINUE_NEEDED, COMPLETE_NEEDED nor COMPLETE_AND_CONTINUE). Initiated status automat of the selected mechanism must always be finished.