Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe your problem

When a login or consent challenge expires Hydra returns a HTTP 401 with an error indicating the expiry. However this makes it hard for the consent app to resolve the error state. This issue will mostly arise when the user has requested a login form which embeds the login challenge, and they leave the form open until the challenge has expired. This is hard for the consent app to resolve as it can no longer view the login request at this point.

Describe your ideal solution

Ideally Hydra would return a HTTP 410 and include where the consent app should redirect to in order to resolve this error state. Like how hydra responds for handled challenges. #2057 (comment)

Workarounds or alternatives

Was able to somewhat work around this by extracting the request url and return it as a hidden field in the login form. Then on login form submission I match the expired challenge errors, and redirect to the request url to restart the flow.

Version

2.2.0

Additional Context

No response