Password login via OIDC-conformant clients with externally-hosted login pages is unsupported

Hi i am using universal login screen and if i stay on the login screen for a long time without submitting login details, I get an error when I submit after + 1 hour waiting time here is a screenshot of the error:

Note I have event removed bot detection.

Hey there @sellochrismodise !

When the client application sends the /authorize request to Auth0, the state parameter is automatically created (which is linked with the entire login flow) and added to the authorize URL - but its lifetime is limited and the error you receive can be because it has already expired.

Can you please verify what value is set for the Require log in after in the Advanced section of Auth0 tenant Settings? This value influences how long the state parameter is valid.

Please note that the maximal lifetime, regardless of this setting, is 3 days.

Please let us know your findings or if you have any other questions on that!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.