Ah, I was only aware of that last scenario. Serves me right for butting in on things I know next to nothing about. ;)

On 6 April 2016 at 12:21, Stian Thorgersen <sthorger@redhat.com> wrote:
The page is no longer valid, that's really what's going on ;)

There's mainly three scenarios when this happens:

* User clicks link twice in an email (for example reset password)
* User clicks link in email after it has expired
* User spends to long on the login form(s)

Problem is that we don't know exactly which of the above is the problem as the session details may be lost. So I believe "This page is no longer valid" is generic and still gives the user an idea of what's happened. Refreshing the page is not going to help as the page is no longer valid (login details are either lost due to timeout, or login has already happened), so to resolve the problem the user has to "try login again from the application". We can replace "the application" with the name of the client if we now it and also make it clickable if the client has a baseurl set.

On 6 April 2016 at 12:11, Guus der Kinderen <guus.der.kinderen@gmail.com> wrote:
"Not long valid" is somewhat vague. To avoid confusion, I'd try to be as clear as possible about what's going on and what should be done to resolve the problem. At the same time, do not refer to the user ('you') directly, to have a friendlier tone-of-voice:

"A timeout has occurred. Please reload this page."

On 6 April 2016 at 12:04, Stian Thorgersen <sthorger@redhat.com> wrote:
I suggest we change the error message when a login times out or a code is not valid to:
"This page is no longer valid, please retry login from the application" and also include a link to the application if available.

I think that's more user friendly than "You took to long" and "We're sorry...".

keycloak-dev mailing list