Getting a 400 login_required after 15 minutes of sitting at the login page

After logout, when I login back after 15 minutes or so, Okta throws 400 Bad request error.
What is the solution for this?

Does this happen in the middle of an SP-initiated flow, such as the authorize call made by an OIDC app, which sends you to the Okta login page to authenticate?

This is likely related to the following expected behavior when a sp-init transaction is not completed within 15 minutes and must be restarted: Okta Help Center (Lightning)

No. It happens when I leave the sign in page as is for like 15 or more minutes. No call is being made at that time.

After logout, are you just sitting on the Okta login page? What’s the URL in the address bar (feel free to censor out your actual org domain, I just want to see the path)?

This is the URL I get


Then this will still be the same issue I mentioned, where the okta_key has a 15 minute lifetime and, if you stay on the login page for more than 15 minutes, it will expire. In order to login successfully, the user should refresh the login page.

More details in this Help Center discussion: Need to update okta_key default expiry value which is 15 mins

Is there any solution for this?

As I mentioned, the solution is to refresh the login page and restart the login process.

Is there anyway we can extend that time?(15 mins)

At this time, no there is not, but there are two Feature Requests filed in our Ideas center regarding this lifetime that you can vote on: and

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.