I kept my okta login page idle for couple of hours now when i try to log in back its giving me 400 error.Is it anything to do with okta_key ? i was able to reproduce it when i tampered the okta key and send back the request .
You are correct. The okta_key has a fixed lifetime, so anything over ~5 minutes will result in an error.
If you believe this is a common case that your users will encounter (I’d argue that it is a fringe case), you can always redirect back to your /login path on the 4xx error.