Hi all,
In our login system, if a user attempts to log in with the correct credentials after one hour of inactivity on the okta login page, they receive an ‘invalid token provided’ error in red above the username field. This prevents them from logging in until they open a new window/browser of the login page (navigate to application → user not logged in → redirected to Okta sign-in page).
Are there any industry standards or best practices to handle such scenarios? Ideally, we would like to provide users with a clear message instructing them to close and reopen a new browser tab/window to log in again.
PS: We do not want to extend the expiry time of the login screen.
Thanks