Okta Login Page Timeout error

Okta is implemented in an web browser control. Keep the okta login page idle for 15 minutes without entering credentials. After 15 minutes enter credentials and click on Signin button then we get 400 Bad request error. What is the reason for this and how to fix this?. Is there any timeout period for Okta after a login page is loaded in a browser?

Hi @sherin

What is the error message that you receive when the 400 Bad Request error occurs?

Hi @dragos,
Please find the error message.

400 Bad Request

Hi @sherin

Thank you for providing the screenshot. Indeed, there is a timeout of 15 minutes on okta_key, which is used to know where to redirect the user after he authenticates. You can find here more details about this error.

Thanks for the reply. But not clear about the resolution in that page. We are using IdentityModel.OidcClient to work with Okta.

Hi @sherin

The solution is to use Okta Sign-In Widget inside your local project which does the authentication of the user and immediately afterwards does the authorization.

Hi @dragos,
Thanks for the reply.Tried OKta Signin Widget, the issue is not in it and it is working fine. But since it is javascript, we can’t keep the parameters like clientid, issuer, redirecturl as secret and any one can view them in the source of the web page. So it is not secure to implement in our project.

Is there any option to increase the timeout of okta_key value in okta developer tool.?

I’m still seeing this issue. Has Okta fixed this problem? I cannot use the react Okta sign in widget since I need SSO across my apps. So I need to use the Okta hosted login screen. However, after the 15 minutes you let the page sit, my users get a 400 screen when they finally decide to login. But since the okta_key or whatever has expired, it doesn’t redirect them back into my app, they just get the 400 screen. If they then navigate directly to the app after seeing this 400 error, they’ll be taken into the app right away, which proves that they did authenticate and log in with Okta, but Okta chose to not redirect accordingly. I’m assuming because of this okta_key which has expired, which us developers, have no control over.

The Okta hosted login screen should never “expire”. I don’t understand why this is the case.

1 Like

This is also a problem for me.

The user experience is awful. They get a generic error with no suggested recourse.