Currently login sessions have a limited lifetime. On the OAuth2 flow, if a user is redirected to the login page and then stays idle for a while; the session will expire and an error will be shown. The only solution they have is to go back to the calling application to re-trigger the OAuth2 flow.
In terms of user experience, this is not very good. We have to investigate if:
It's safe to auto-refresh this login session and if yes, under which limits?
How big names like Google handle that?
If we could re-trigger the OAuth2 flow by automatically redirecting back to the calling application?
Currently login sessions have a limited lifetime. On the OAuth2 flow, if a user is redirected to the login page and then stays idle for a while; the session will expire and an error will be shown. The only solution they have is to go back to the calling application to re-trigger the OAuth2 flow.
In terms of user experience, this is not very good. We have to investigate if: