On February 21, 2024, Auth0 will shorten the TTL for their login flow transactions. This mostly impacts apps using the Classic Universal Login, which will redirect those end users to an error page if they attempt to complete a stale login transaction. An example would be an unauthenticated person loading the login form, walking away from the form for an hour, then entering their credentials and submitting the form. Instead of logging the user in or even warning the user that their form session expired, the user will get redirected to an Auth0 error page, leaving them to find their own way back to the login form.
setTimeout that will restart the login flow when possible or show an error banner asking users to try their request again by reloading the page, as this is a better user experience.
For folks with many clients using the same app, you may think you’ll need to grab the client ID from the page and manually map the redirect value to the client-specific initiate_login_url. While that can work, it turns out it can be as simple as calling window.location.reload(), as this will have enough context to restart the login transaction and send users to the right place after a successful login, as confirmed by an Auth0 employee.
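The timer described above, as an added sketch that is not code from this post or from Auth0. It assumes a placeholder TTL (the post does not state the new value), a hypothetical banner element, and that "when possible" means the user has not typed anything yet:

```javascript
// Added example. TTL_MS is a placeholder: the post does not state the new TTL,
// so take the real value from Auth0's documentation for your tenant.
const TTL_MS = 30 * 60 * 1000; // placeholder value
const MARGIN_MS = 60 * 1000;   // act one minute before the assumed expiry

function createStaleLoginGuard({ ttlMs, marginMs, now, hasUserInput, reload, showBanner }) {
  const loadedAt = now();
  const deadline = loadedAt + ttlMs - marginMs;
  let handled = false;

  // Safe to call repeatedly; acts at most once.
  function check() {
    if (handled) return 'done';
    if (now() < deadline) return 'fresh';
    handled = true;
    if (hasUserInput()) {
      // Assumption: a reload would discard typed credentials, so warn instead.
      showBanner();
      return 'banner';
    }
    reload();
    return 'reloaded';
  }
  return { check, delayMs: Math.max(0, deadline - loadedAt) };
}

// Browser wiring for the customised login page (skipped outside a browser).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const fields = 'input[type=text], input[type=email], input[type=password]';
  const guard = createStaleLoginGuard({
    ttlMs: TTL_MS,
    marginMs: MARGIN_MS,
    now: () => Date.now(),
    hasUserInput: () =>
      Array.from(document.querySelectorAll(fields)).some((el) => el.value !== ''),
    reload: () => window.location.reload(),
    // '#stale-login-banner' is a hypothetical element added to the page template.
    showBanner: () => { document.querySelector('#stale-login-banner').hidden = false; },
  });
  setTimeout(guard.check, guard.delayMs);
  // Timers are throttled or paused in background tabs and during sleep,
  // so re-check the wall clock whenever the tab becomes visible again.
  document.addEventListener('visibilitychange', () => {
    if (!document.hidden) guard.check();
  });
}
```

The deadline is compared against the clock rather than trusted to the timer alone, so a laptop that slept through the expiry still gets the reload or banner as soon as the tab is shown again.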