For MFA timeout - we want to redirect the user back to the Auth0 login page but back buttons or history/location reloads are giving unauthorized errors. Is there a specific cookie that needs to be refreshed or state update to make this work?
Unfortunately, after the MFA prompt completely times out (after ignoring the “Resend push notification” messages), there’s no good way to recover, and the login flow needs to be restarted (by initiating a new request from the application). This means that if the user wants to use the back button or history, they need to go back to the application itself, and the application needs to issue a new /authorize token request.
I understand that errors caused by going directly to the login page (either by using the back button, the history list or a bookmark) are a less than ideal experience. There are ongoing discussions on what the server can do to help. While this is not a promise of any kind, I would expect some improvements on this in the future.
Ahh ok - thank you for the feedback!