Hi @chaitrk
Thank you for reaching out to us!
Once the idle time of 2 hours is reached, the Auth0 session expires as intended, but if your application attempts a token exchange or silent authentication, the request is rejected because the session does not exist anymore. In this scenario, my assumption is that you do not have a redirection to the login screen implemented for such scenarios, hence why you are presented with the mentioned error message instead.
If the user interacts with your application after the 2-hour period, because the session has expired, the Auth0 server will likely return one of the following errors: login_required or consent_required, and at this moment, if your application is not configured to catch these errors and explicitly trigger logout() or loginWithRedirect(), then you will receive the generic “an error occurred during authorization flow” error message.
My suggestion for fixing this behaviour would be to implement the logic in your application or SDK to catch the mentioned errors from the Auth0 server and trigger a redirect to the login page for the user.
I recommend reading through the following resources, as they can prove useful for further understanding such behaviours:
- How to redirect user to login when token is expire;
- Configure Silent Authentication;
- Configure Session Lifetime;
- Sessions
Hope this helped!
Have a great one,
Gerald
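The handling suggested in the reply above, as an added example that is not part of the original post and is not Auth0's own code: a wrapper that catches login_required or consent_required from a silent token request and sends the user to login. It assumes a client object exposing getTokenSilently() and loginWithRedirect() as the Auth0 SPA SDK does; getTokenOrReauthenticate, safeReturnTo, makeStubClient and the route values are hypothetical names introduced here.

```javascript
// Error codes named in the reply above: the Auth0 session is gone, so only an
// interactive login can recover.
const REAUTH_ERRORS = new Set(["login_required", "consent_required"]);

// Keep the post-login return target on this origin: accept only a local path,
// never an absolute or protocol-relative URL.
function safeReturnTo(path) {
  const ok = typeof path === "string" && /^\/(?![\/\\])/.test(path);
  return ok ? path : "/";
}

// `client` is assumed to expose getTokenSilently() and loginWithRedirect(),
// as the Auth0 SPA SDK client does. `returnTo` is a hypothetical app route.
async function getTokenOrReauthenticate(client, returnTo) {
  try {
    return { status: "ok", token: await client.getTokenSilently() };
  } catch (err) {
    if (err && REAUTH_ERRORS.has(err.error)) {
      await client.loginWithRedirect({
        appState: { returnTo: safeReturnTo(returnTo) },
      });
      return { status: "redirected", reason: err.error };
    }
    // Anything else (network failure, misconfiguration) is surfaced, not
    // hidden behind a login redirect.
    throw err;
  }
}

// Constructed stand-in for the SDK client so the flow can run offline.
function makeStubClient({ token, error }) {
  const redirects = [];
  return {
    redirects,
    async getTokenSilently() {
      if (error) throw Object.assign(new Error(error), { error });
      return token;
    },
    async loginWithRedirect(options) {
      redirects.push(options);
    },
  };
}
```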