Hi, It comes from the fact that the OAuth code (which is the service ticket) is computed before the confirmation screen is displayed : thus, if you stay too much time on the screen before clicking on the "Confirm" button, the code will be expired. The only solution is to setup a longer timeout for service ticket (1 minute for example instead of 10 seconds by default).
It's not really a bug, but the truth is that the design could be greatly improved here. The confirmation screen timeout should be leverage on the web session timeout, not on the service ticket timeout. We already talked about that and I thought a JIRA had been opened. Though, I couldn't find it back so I opened one : https://issues.jasig.org/browse/CAS-1282. I plan to work on OAuth module very soon. Best regards, Jérôme -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
