By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.
Should a user remain idle at either of these pages for more than this timeout value they will receive the below error:
"error_description":"The session has expired or already been granted. The login process has to be repeated to be successful"
How can the timeout value be increased?
This value is stored in the variable "sessionIdCacheAge" within the "OTK Authorization Server Configuration" encapsulated assertion.
As the policy is read-only in OTK 4.x you will need to copy the variable assertion to the accompanying hash policy "#OTK Authorization Server Configuration"
to modify its value. Extreme care should be taken in modifying this value as not increase it too high.