Magic Link expiration more than 24 hours

angelinebbg · 2024-09-03T15:44:34.464Z

Hello everyone,

I would like to send a Magic link but with a link expiration more than 24 hours.

I found this method :

Magic link with >24 hour expiration? Questions

In my app sends invitations to users that should log them in and offer them a gift. I’m using magic links for these to make the process as smooth as possible for the recipients, but in my use case it’s likely that the user might wait a day or two to visit the link. Is there any way to get around the 24 hour expiration limitation in bubble? I considered trying to roll this myself using unique ids of the invitation records as the key to get in, but I couldn’t figure out how to make that work wi…

But I did not get it, it does not work on my side.

Some of you have achieved to make a magic link more than 24 hours ?
If yes, how did you do it ? Could you explain me the process?

OR, do you know another method to allow the user to go directly inside his/her account when he clicks on the link received by email?

Thank you so much

eliot1 · 2024-09-03T16:07:14.350Z

Hi I did something like this on one of my project. But it’s kind of a security breach for your app that can be hacked by brute force.

We did as follow:

Create a page with a workflow on load that trigger an API connector / backend workflow to regenerate a magic link based on a user unique id in the URL parameters
This workflow was a backend workflow we used in the API connector so we can get the response (the magic link URL)
Then we just wait X sec then redirect to the response URL
Bubble did the rest. And the user was connected

But I highly recommend to not use this kind of technique. Because like I said in the beginning, there is some kind of security breach there.

angelinebbg · 2024-09-03T16:27:30.979Z

Hello,

Did you do the same process that @yusaney1 proposes on the post below ?
Magic link with >24 hour expiration? - #11 by Steve_W

Because on my side, it did not work.

I will ask for the security breach with my partner,

thank you.

eliot1 · 2024-09-03T16:39:53.647Z

Yes kinda.
But I remember struggling on 2 stupid things

about the url of the POST call in the API connector. Check that your URL is not the version-test one.
And when redirecting I did a find and replace to the link because I obtained a [domain].bubbleapps.io link when I needed a [subdomain].[domain].com link

angelinebbg · 2024-09-03T16:45:28.559Z

Thank you so much

I am kind of afraid about Hacking so maybe we will forget it.

I have a question :
Do you think it is possible to send an email (Via Sendgrid) to the User,
He.she clicks on a link to go on the app and we ask him to fill out :

identification
Password

To connect on his/her account.

BUT:
Is it possible to fill the identification with th email directly ? So the User writes onlyt the password ?

Thank you

eliot1 · 2024-09-03T16:56:42.040Z

Yes absolutely possible if you pass a parameter in the link of your email to find the the right user’s email/id.
2 + 1 options:

have bubble users unique id available in sendgrid to customize dinamically the link with it and then in the bubble landing page search Users where unique id = URL parameter’sid:first item email to populate the identification input
same technique but pass directly the email as parameter. But it’s a little bit less secure than the first option. Because someone can try to find your user’s email by testing different value in this parameter.

system · 2024-11-12T15:45:25.553Z

This topic was automatically closed after 70 days. New replies are no longer allowed.