By default, the OAuth Toolkit (OTK) sets a timeout value of 5 minutes for the authorization server login and consent pages.
If a user remains idle on either of these pages for longer than this timeout value, they will receive the error below:
{
  "error":"invalid_request",
  "error_description":"The session has expired or already been granted. The login process has to be repeated to be successful"
}
How can the timeout value be increased?
This value is stored in the variable "sessionIdCacheAge" within the "OTK Authorization Server Configuration" encapsulated assertion.
As the policy is read-only in OTK 4.x, you will need to copy the variable assertion to the accompanying hash policy "#OTK Authorization Server Configuration" to modify its value. Extreme care should be taken when modifying this value so as not to increase it too high.