Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More gracefully communicate to users when they've clicked a magic sign in URL that's expired #323

Open
jsonin opened this issue Sep 24, 2024 · 3 comments
Open

More gracefully communicate to users when they've clicked a magic sign in URL that's expired #323

jsonin opened this issue Sep 24, 2024 · 3 comments
Labels
bug

Comments

@jsonin
Copy link
Contributor

jsonin commented Sep 24, 2024

When I ask SP for my login token, the email that gets spit back to me after the request has the token and a URL... the URL doesn't work (the token does).
@jsonin jsonin added the bug label Sep 24, 2024
@fermion
Copy link
Collaborator

fermion commented Sep 28, 2024

@jsonin the URL works fine for me in development and in production 🤔

@jsonin
Copy link
Contributor Author

jsonin commented Sep 30, 2024

This seems to have... vanished.

@fermion
Copy link
Collaborator

fermion commented Sep 30, 2024

For posterity, I suspect the email links being clicked were > 10 minutes old. After that point the magic URLs / tokens become invalid and won't work. We could/should detect this case and handle it more gracefully than, say, a sign in attempt that has no passwordless session waiting for it.

@fermion fermion changed the title URL broken in token confirmation email More gracefully communicate to users when they've clicked a magic sign in URL that's expired Sep 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
StaffPlan v3
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fermion @jsonin