By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.

Should a user remain idle at either of these pages for more than this timeout value they will receive the below error:

{

  "error":"invalid_request",

  "error_description":"The session has expired or already been granted. The login process has to be repeated to be successful"

}

How can the timeout value be increased?

This value is stored in the variable "sessionIdCacheAge" within the "OTK Authorization Server Configuration" encapsulated assertion.

As the policy is read-only in OTK 4.x you will need to copy the variable assertion to the accompanying hash policy "#OTK Authorization Server Configuration"

to modify its value. Extreme care should be taken in modifying this value as not increase it too high.