Magic link created with wrong domain name from non authenticated backend workflow

I have a workflow that creates a magic link and sends it to a user (imagine an HR admin is sending survey links to employees and the link should log them in and get them started on the survey).

This works perfectly if the workflow is triggered by a user from a front end action.

However, if the workflow is triggered by another workflow on the back end (in my case I need to respond to a webhook request verifying payment and send the links) the links do not work. The user reaches the success page, but is not logged in. No error is thrown that I could find.

After much debugging, I determined that the issue is this (screenshot from my logging table):

Bug: When the link is generated from the front end by the user, the custom domain name is correctly used, but when generated from the back end it still uses the old domain.

Workaround: doing a find/replace on the link before sending it to correct the domain name error results in the correct behavior.

ALSO this bug was discovered once before and reported on the thread announcing this feature, but here we are 10 months later and it’s still happening, which is a bit disappointing.

@bubble are you aware of this issue/is there a plan to fix it?

Nice sleuthing.

Perhaps nobody reported it. If it doesn’t get in front of an engineer, it’s unlikely to be addressed.

1 Like

I made an official bug report after posting this here, so hopefully it is on their radar now.

TBH I wouldn’t be surprised if they don’t fix it any time soon because I imagine this is affecting a small % of users and there is a relatively straightforward workaround…but definitely will cost everyone who runs into it some serious time. I was already doing a lot of logging from this flow because it’s one of the most complex/error prone/fragile pieces of my app, so I was pretty quickly able to spot the link inconsistencies.

However it was only because I got tired of having to trigger the back end via the webhook process and gave myself a development link on the front end to run it that I was able to notice the behavior was different in the two cases.

I’m just glad things are working now, but this one definitely causes very unexpected and hard to locate issues.

1 Like

This topic was automatically closed after 14 days. New replies are no longer allowed.