Is the Universal Login state parameter timeout configurable?

markd · December 9, 2021, 4:23pm

Referencing:

https://manage.empire-staging.auth0.com/docs/login/universal-login/configure-default-login-routes

The state parameter points to a record in an internal database where we track the status of the authorization transaction. Whenever the transaction completes, or after a set time passes, the record is deleted from the internal database.

Is the value for “set time passes” documented anywhere, or do we know what it is? And is it configurable?

dan.woda · December 9, 2021, 11:24pm

Hi @markd,

I found an internal reference saying it is tied to the Inactivity timeout settings. I tested it and had some success limiting the length of state’s ttl. I think the issue would be that this settings has greater effect than just the state’s ttl.

Can you share your use case?

markd · December 10, 2021, 2:31pm

Use case: I want the state parameter to time out quickly so I can test the tenant and application default login URIs.

dan.woda · December 10, 2021, 5:28pm

If this is just for testing you can try setting the timeouts to 1 and it should make that process easier. Would that do it?

markd · December 15, 2021, 1:48pm

That should work! Thanks Dan.

Topic		Replies	Views
Password login via OIDC-conformant clients with externally-hosted login pages is unsupported Help classic-universal-login-experience , login-experience	2	306	April 2, 2024
State Parameter Validation Length Knowledge Articles validation , state , parameter	1	1945	November 10, 2022
Invalid State Error After Long Inactivity on Universal Login Page Help classic-universal-login-experience , login-experience	4	93	October 10, 2024
Universal Login keep user logged in Help login	2	4337	February 11, 2019
Need to change the time out exception for the login page Help login-experience , new-universal-login-experience	2	13	October 2, 2024

Is the Universal Login state parameter timeout configurable?

Related Topics