Consolidate login timeout settings
Summary
We have too many different timeouts for "waiting for the user to do something":
- formTimeout
- issuersTimeout
- mail2fTimeout
- mailTimeout
- registerTimeout
- oidcRPStateTimeout
- samlRelayStateTimeout
All these timeouts have different, sometimes inconsistent values (samlRelayStateTimeout vs issuersTimeout in a SAML-to-SAML scenario) or values that are too short by default (formTimeout, #2544 (closed)).
Design proposition
We should consolidate all these timeouts into broader categories.
For example:
- "User action that should be done quickly" => validating an info message, etc, could be 2 minutes by default
- "User action that takes some time" => filling a complex form, installing an OTP app, remembering their password => could be 5 or even 10 minutes by default
- etc.
As an example, this is how Keycloak does it: