The standard SMS OTP and Email OTP methods do not currently provide any type of error message when the OTP period is exceeded and the user inputs the expired OTP, instead of providing any type of error message, it just sends a new SMS/Email OTP again.
Customer would like to have a customizable error message similar to: "SMS/Email OTP Expired. Resending new one time password." provided in this situation to give the end users more feedback/guidance. (Ideally customizable under Policies ⇨ Custom Messages ⇨ 'errors.sms_otp_expired' and 'errors.email_otp_expired'?)