Login after state parameter expires

Ready to post? First, try searching for your answer.
Hi,

In our React application a user can successfully login within an hour of being on the Universal login page. However, after an hour of inactivity the state parameter gets invalidated by Auth0.

They are hit with a “Opps!, something went wrong” screen. The log displays “A user has attempted to access a login page directly. This is not supported unless a Application Login URI is set for your application”. They then have to go back to the login page and fill out their credentials again. After this, they are successfully routed to the application’s landing page.

I went ahead and set up the “Application Login URI”, but instead of hitting the “Opps!, something went wrong”, it redirects them to the login page again where they have to fill out their credentials again.

Is this expected? Do I have something misconfigured?

Hi @scollins,

Welcome to the Auth0 Community,

If the end-user makes no contact with the Authorization server the state parameter will get automatically invalidated by Auth0 after a maximum of 1 hour of inactivity, so you are correct with that. Unfortunately the value of the state can not be changed since it is an internal artifact set this way for security reasons, as mentioned in our Knowledge article.
More information can be found under this article as well.

Thank you for your post and i hope this helped.
Best regards,
Remus

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.