FusionAuth · spwitt · Sep 4, 2024 · Jun 21, 2024 · Jun 27, 2024 · Jun 27, 2024
diff --git a/...lic/img/docs/get-started/core-concepts/tenant-configuration-extId-durations.png b/...lic/img/docs/get-started/core-concepts/tenant-configuration-extId-durations.png
diff --git a/astro/src/content/docs/apis/_tenant-request-body.mdx b/astro/src/content/docs/apis/_tenant-request-body.mdx
@@ -170,11 +170,17 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx';
     <TenantGeneratorTypeConfigRules generator_display_name="email verification one time code" />
 
   </APIField>
+
   <APIField name="tenant.externalIdentifierConfiguration.externalAuthenticationIdTimeToLiveInSeconds" type="Integer" optional defaults="300" since="1.12.0">
     The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0.
 
     Prior to version `1.28.0` this value was required.
   </APIField>
+
+  <APIField name="tenant.externalIdentifierConfiguration.loginIntentTimeToLiveInSeconds" type="Integer" optional defaults="1800" since="1.52.0">
+    The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0.
+  </APIField>
+
   <APIField name="tenant.externalIdentifierConfiguration.oneTimePasswordTimeToLiveInSeconds" type="Integer" optional defaults="60" since="1.8.0">
     The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0.
 

diff --git a/astro/src/content/docs/apis/_tenant-response-body-base.mdx b/astro/src/content/docs/apis/_tenant-response-body-base.mdx
@@ -139,6 +139,10 @@ import JSON from 'src/components/JSON.astro';
     The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0.
   </APIField>
 
+  <APIField name={props.base_field_name + '.externalIdentifierConfiguration.loginIntentTimeToLiveInSeconds'} type="Integer" since="1.52.0">
+    The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0.
+  </APIField>
+
   <APIField name={props.base_field_name + '.externalIdentifierConfiguration.oneTimePasswordTimeToLiveInSeconds'} type="Integer" since="1.8.0">
     The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0.
   </APIField>

diff --git a/astro/src/content/docs/get-started/core-concepts/tenants.mdx b/astro/src/content/docs/get-started/core-concepts/tenants.mdx
@@ -757,6 +757,9 @@ The Rate limit settings allow you to set a number of times an action can be atte
   <APIField name="External Authentication" required>
     The number of seconds before the External Authentication identifier is no longer valid to complete the Authentication request.
   </APIField>
+  <APIField name="Login timeout" required>
+    The number of seconds before the Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow.
+  </APIField>
   <APIField name="One Time Password" required>
     The number of seconds before the One Time Password identifier is no longer valid to complete a Login request.
   </APIField>
@@ -787,6 +790,12 @@ The Rate limit settings allow you to set a number of times an action can be atte
   <APIField name="Two Factor Trust" required>
     The number of seconds before the Two Factor Trust is no longer valid and the user will be prompted for Two Factor during login.
   </APIField>
+  <APIField name="WebAuthn authentication" required>
+    The number of seconds before the WebAuthn authentication challenge is no longer valid and the user will need to restart the authentication workflow.
+  </APIField>
+  <APIField name="WebAuthn registration" required>
+    The number of seconds before the WebAuthn registration challenge is no longer valid and the user will need to restart the credential registration workflow.
+  </APIField>
 </APIBlock>
 
 

diff --git a/astro/src/content/docs/reference/cookies.mdx b/astro/src/content/docs/reference/cookies.mdx
@@ -36,6 +36,7 @@ Cookies set by the hosted login pages are displayed here for informational purpo
 |--------------------------------|------------|-----------------------------------------------------------------------------------|
 | `fusionauth.flash-message`     | Request    | Used to display a message across requests.                                        |
 | `fusionauth.known-device.*`    | Persistent | Identifies a device known to FusionAuth. More than one cookie may be set.         |
+| `fusionauth.li`                | Persistent | Used to support post-authentication steps during login.                           |
 | `fusionauth.locale`            | Persistent | The locale used to localize the themed pages.                                     |
 | `fusionauth.pkce-verifier`     | Request    | Used to support Proof Key for Code Exchange during login.                         |
 | `fusionauth.remember-device`   | Persistent | Records if the user wants to remain logged in on this device.                     |

diff --git a/astro/src/content/json/tenants/request.json b/astro/src/content/json/tenants/request.json
@@ -163,6 +163,7 @@
         "type": "randomAlphaNumeric"
       },
       "externalAuthenticationIdTimeToLiveInSeconds": 300,
+      "loginIntentTimeToLiveInSeconds": 1800,
       "oneTimePasswordTimeToLiveInSeconds": 60,
       "passwordlessLoginGenerator": {
         "length": 32,

diff --git a/astro/src/content/json/tenants/response.json b/astro/src/content/json/tenants/response.json
@@ -164,6 +164,7 @@
         "type": "randomAlphaNumeric"
       },
       "externalAuthenticationIdTimeToLiveInSeconds": 300,
+      "loginIntentTimeToLiveInSeconds": 1800,
       "oneTimePasswordTimeToLiveInSeconds": 60,
       "passwordlessLoginGenerator": {
         "length": 32,

diff --git a/astro/src/content/json/tenants/responses.json b/astro/src/content/json/tenants/responses.json
@@ -163,6 +163,7 @@
           "type": "randomAlphaNumeric"
         },
         "externalAuthenticationIdTimeToLiveInSeconds": 300,
+        "loginIntentTimeToLiveInSeconds": 1800,
         "oneTimePasswordTimeToLiveInSeconds": 60,
         "passwordlessLoginGenerator": {
           "length": 32,

diff --git a/astro/src/content/json/tenants/search-response.json b/astro/src/content/json/tenants/search-response.json
@@ -163,6 +163,7 @@
           "type": "randomAlphaNumeric"
         },
         "externalAuthenticationIdTimeToLiveInSeconds": 300,
+        "loginIntentTimeToLiveInSeconds": 1800,
         "oneTimePasswordTimeToLiveInSeconds": 60,
         "passwordlessLoginGenerator": {
           "length": 32,

diff --git a/config/spellcheck/knownwords.txt b/config/spellcheck/knownwords.txt
@@ -1580,6 +1580,7 @@ loginId
 loginIdAttribute
 loginIdType
 loginIds
+loginIntentTimeToLiveInSeconds
 loginMethod
 loginProvider
 loginRecordConfiguration