# Expiration

It may come that the **APP** never receives any reply to its request from the **HAS**.

There can be many reasons for this, like users not starting their **PKSA** or not approving or denying authentication requests they receive.

The **APP** should monitor requests' expiration against the `expire` timeout provided in the `auth_wait` message. They should abort the authentication process and discard pending requests as well as any related reply they may receive.