diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb
index 456c874..d623d3f 100644
--- a/app/controllers/concerns/authentication.rb
+++ b/app/controllers/concerns/authentication.rb
@@ -120,11 +120,11 @@ module Authentication
 # Generate a secure random token
 token = SecureRandom.urlsafe_base64(32)
- # Store it with an expiry of 30 seconds
+ # Store it with an expiry of 60 seconds
 Rails.cache.write(
 "forward_auth_token:#{token}",
 session_obj.id,
- expires_in: 30.seconds
+ expires_in: 60.seconds
 )
 # Set the token as a query parameter on the redirect URL
diff --git a/app/controllers/oidc_controller.rb b/app/controllers/oidc_controller.rb
index b3f36a1..62e4067 100644
--- a/app/controllers/oidc_controller.rb
+++ b/app/controllers/oidc_controller.rb
@@ -46,20 +46,20 @@ class OidcController < ApplicationController
 # Validate required parameters
 unless client_id.present? && redirect_uri.present? && response_type == "code"
- render plain: "Invalid request: missing required parameters", status: :bad_request
+ render plain: "Invalid request", status: :bad_request
 return
 end
 # Validate PKCE parameters if present
 if code_challenge.present?
 unless %w[plain S256].include?(code_challenge_method)
- render plain: "Invalid code_challenge_method. Supported: plain, S256", status: :bad_request
+ render plain: "Invalid request", status: :bad_request
 return
 end
 # Validate code challenge format (base64url-encoded, 43-128 characters)
 unless code_challenge.match?(/\A[A-Za-z0-9\-_]{43,128}\z/)
- render plain: "Invalid code_challenge format. Must be 43-128 characters of base64url encoding", status: :bad_request
+ render plain: "Invalid request", status: :bad_request
 return
 end
 end
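Review bot: The token lifetime is written twice in this hunk, once in the comment and once in `expires_in: 60.seconds`, and the commit had to edit both; a named constant in the concern, `FORWARD_AUTH_TOKEN_TTL = 60.seconds`, used as `expires_in: FORWARD_AUTH_TOKEN_TTL`, would let the comment explain why sixty seconds is enough for the redirect round-trip instead of restating the number. Doubling the window also doubles how long a token that lands in a proxy log or browser history stays redeemable, which is only acceptable if the reading side removes the cache entry on first use; that code is not in the hunk, so it is worth confirming it consumes the key rather than merely reading it. The enclosing method starts before the hunk and continues after it.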
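Review bot: All three rejection branches in this hunk, and the two more in the @@ -67 hunk, now emit the identical `render plain: "Invalid request", status: :bad_request` line, and the distinguishing reason (missing parameter, unsupported code_challenge_method, malformed code_challenge, unknown client_id, unregistered redirect_uri) is no longer recorded anywhere, so an operator debugging a misconfigured client has nothing to go on. Keeping the response generic for the caller is reasonable, but the reason should still reach the server log; a small private helper that logs the reason and renders the fixed response keeps the branches to one line each and makes it impossible for a future branch to leak detail by accident. The helper below would live in the controller's private section, and the `@@ -67` hunk's two branches would call it the same way. The enclosing action starts before the hunk and continues after it.
```ruby
# … unchanged: parameter extraction; each validation branch becomes …
unless client_id.present? && redirect_uri.present? && response_type == "code"
  reject_invalid_request("missing client_id, redirect_uri or response_type=code")
  return
end
# … unchanged: the PKCE, client_id and redirect_uri checks, each calling reject_invalid_request with its own reason …

# Records the concrete rejection reason for operators; the client only ever sees the generic 400.
def reject_invalid_request(reason)
  Rails.logger.warn("OIDC authorize rejected: #{reason}")
  render plain: "Invalid request", status: :bad_request
end
```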
@@ -67,13 +67,13 @@ class OidcController < ApplicationController
 # Find the application
 @application = Application.find_by(client_id: client_id, app_type: "oidc")
 unless @application
- render plain: "Invalid client_id", status: :bad_request
+ render plain: "Invalid request", status: :bad_request
 return
 end
 # Validate redirect URI
 unless @application.parsed_redirect_uris.include?(redirect_uri)
- render plain: "Invalid redirect_uri", status: :bad_request
+ render plain: "Invalid request", status: :bad_request
 return
 end