Due to the way the authentication process works there are some intermediate steps which are not repeatable. The user going back on history leads to an attempt to repeat one of those intermediate steps and the current default behavior is to show an error page; as an informal note, I’ve seen internal discussions where other options besides an error page were being discussed for situations similar to the one you mention, however, at this time I can neither provide you confirmation if that will happen or any timeline information.
The non-repeatable step is pretty much unavoidable due to how the underlying authentication protocol (OAuth2/OIDC) works, however, there are some things you may consider:
- if your application upon receiving the final redirect performs some automatic navigation of it’s own then it can put in the browser history at least one repeatable step; however, this would mostly be useful for the scenario where a user presses the back button by mistake as a sufficiently determined user could still go back many times and trigger a non-repeatable step that results on an error.
- if your application triggers the authentication in such way that it’s all performed within a popup window then all the non-repeatable steps would be associated with the popup window that gets automatically closed upon authentication being completed. However, using popups may be a problem on it’s own.
- in your account advanced settings you have a error pages section which would allow you to configure your own error page to where users should be redirected; this would not prevent the error, but it could possibly allow you to handle it a bit differently. However, this would be applicable for all types of errors which means it’s applying a global fix just for a specific issue so again it has it’s downsides.