RE: Doubling of login records

The interval between authorization attempts in event logs (at least 10 sec between them) points to the human attempts and we see the login doubling often happens on the next day so we suspect the following scenario: user leaves the application page not closing it and is logged out due to inactivity, which means he is redirected to FA login page and uses it next day. We think the FA login page after some period of time "expires" (some login id in cookies or something like that) and further OAuth negotiation on application side fails, user is redirected back to the fresh FA login page, enters credential again and login succeeds.

How can we increase or disable that FA login page expiration?

@mark-robustelli

Also we have 3 login records and only 2 corresponding entries (for the same minute) in event logs:

@mark-robustelli

We have the following records in event log for doubled logins at the same minute:

OAuth2 exchange authorization code debug log for [******] with clientId [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX055].

6/25/2025 07:17:54 PM Z Validate the provided authorization code [VqER3sOWcAn2RuONY0BPHK-_TAt3hb1y92fwwj8mDNY].
6/25/2025 07:17:54 PM Z Validate PKCE code_challenge [crUqHYRAXwg-yyUFsei4-I9rmZ1SQiz0sC76ARgPtYA] provided during the authorization request with the provided code_verifier [pDyk_bw-BKUPyCfpTcVn694YoutV9_2gH0yIP09710g]. Calculated code_challenge [crUqHYRAXwg-yyUFsei4-I9rmZ1SQiz0sC76ARgPtYA].
6/25/2025 07:17:54 PM Z Scopes requested [openid profile email]
6/25/2025 07:17:54 PM Z Ensure the provided request parameters match those provided the authorization request.
6/25/2025 07:17:54 PM Z User is registered for application with Id [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX055] the [roles] and [applicationId] claims will be added.
6/25/2025 07:17:54 PM Z The authorization code has been successfully exchanged for an access token.

OAuth2 exchange authorization code debug log for [******] with clientId [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX055].

6/25/2025 07:17:44 PM Z Validate the provided authorization code [BjWl6NxsoTZG_wqCOaBegQzWbDI8WBnid4sPQDk9eCM].
6/25/2025 07:17:44 PM Z Validate PKCE code_challenge [h-n3xKiN9XmcWtJOBbALv6S4Rf9w-LSeuFgoxJIT8bU] provided during the authorization request with the provided code_verifier [ptFznenHB4Mq4fhsRi-h77GPA1XCkWgl2XpPAPYJaK0]. Calculated code_challenge [h-n3xKiN9XmcWtJOBbALv6S4Rf9w-LSeuFgoxJIT8bU].
6/25/2025 07:17:44 PM Z Scopes requested [openid profile email]
6/25/2025 07:17:44 PM Z Ensure the provided request parameters match those provided the authorization request.
6/25/2025 07:17:44 PM Z User is registered for application with Id [XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX055] the [roles] and [applicationId] claims will be added.
6/25/2025 07:17:44 PM Z The authorization code has been successfully exchanged for an access token.

Where can we find such logs on FA server ?

We're trying to get those logs from our admins.

In most (but for some reason not all) cases when user logins using FA login page via OAuth there are two records in admin FA login records, why is this happening and how to fix it?