User Redirected To Generic Auth0 Error Page after Maximum Login Expiration Reached with Classic Universal Login

Problem statement

Due to the Migrate to 1-Hour Login Flows Expiration changes, the customer added the “Application Login URI” to handle the redirect when the maximum login transaction expiration is reached.

For the Classic Universal Login Experience, after 1 hour, users received the following error:

access_denied: Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark).

With the New Universal Login enabled, the user was redirected to the “Application Login URI” page correctly after one hour (the maximum expiration time for login transactions).

Why was the user not redirected to the Classic Universal Login Experience?

Steps to reproduce

  1. Enable the Classic Universal Login Experience.
  2. On the application, configure the Application Login URI.
  3. Log into the application.
  4. Stay on the page for over 1 hour without activity.
  5. Refresh the page. The user gets the error:
    access_denied: Password login via OIDC-conformant clients with externally-hosted login pages is unsupported. Alternatively, login could have been initiated from the wrong place (e.g., a bookmark).

Solution

With the current design, this is not possible. Auth0 cannot set up the custom URL to redirect users if the max expiration time for login has been reached for the Classic Universal Login Experience. This only works for the New Universal Login Experience.