Back
Magic Link token automatically consumed
Hi, I'm using the Magic Link auth system with Appwrite Cloud and I'm running into huge issues getting users to log in successfully.
About 9 times out of 10, the link sent by email is reported as invalid or expired. When I look at all the session connection attempts, I can see they're always validated, but :
- when I do manage to log in, I see a
Chrome iOS (France)entry in the logs (that's me). - when I can't log in, I see that the reason is something else has already consumed the link, and the IP is systematically a
Firefox / Windows (Finland)entry.
What can I do ? Where is this coming from ?
TL;DR
Developers are experiencing issues with Magic Link tokens being automatically consumed, causing login failures. The logs show that the tokens are being used by an unknown source ('Firefox / Windows (Finland)'), even though the sessions are validated. The developer is looking for a solution to prevent these unauthorized token consumptions. An investigation into the source of these unauthorized logins is needed to address the problem effectively.